Thats a nice point. Sadly, the present policy makers' response to this is "Lets do nothing."
I don't know which is worse -- the "Let's do nothing" mentality, or the let's panic NOW (and blame our problems on SUV's) mentality. Both the naysayers and the alarmists (at least, the vocal ones) seem pretty irrational. The fact is that there's gotta be some middle ground because the fact is that we don't know. For every bit of evidence, there's contradictory evidence (ie historical trends). For every bit of contradictory evidence, there's something else showing that it's possible and/or happenning now.
I just with that we could all think rationally about this and put some of the emotion aside (no, I'm not holier than anyone else...I can get charged up about this too). It seems that both extremes are...well...dumb.
Let's see here...what do contractors bring to the table on an RFP-based project: Actual accountability, maybe? Less bloat? Less beaurocracy? All of the above?
If something isn't great because it was done by contractors
You're taking my post waaaaaay out of context. Where did I ever say that because contractors made it happen, it was any less great? The point I was trying to make was the opposite -- it wasn't executed by the government (like the Internet). It was done by people who were actually accountable for something.
Everything done in Area 51 is done by contractors. So what's your point?
The point is that the example of something great that was done by the government wasn't really. It was a government initiative. There is a difference. If the project was managed by the federal government, the chance of failure would have been far greater, since they're not as accountable. Perhaps you're not reading this inside of the context of the thread?
Lob all you want, but dont forget that that same inept government developed the internet or at least what became the internet, and without it, you would still be posting comments like yours on dial up BBS's...
No, they didn't develop the Internet. They paid private contractors to develop the Internet. There's quite a difference.
Without getting into a flame war (I won't reply to flames) -- I'd suggest thinking long and hard about installing Gentoo on 10 machines running an existing environment. By all means, install it on your home computer(s). It's quite flexible and is perhaps one of the coolest Linux distros that I've ever worked with.
Presumably, these Linux boxes are actually doing something useful, and they're important to the company that you're working for. I also presume that you'll be leaving the company in 18 months when you finish up your undergrad degree. Now, if you move to a semi-obscure distro like Gentoo, you will leave them with Gentoo. How many admins really know the ins and outs of Gentoo as well as they know some of the more popular distributions like RH, SUSE, Debian, etc? They may have a difficult time finding a competent SA to run those Gentoo boxes...they'll curse your name.
For many (and I'd say that these are the more forward-thinking competent SA's) a large part of systems administration is building an environment that's scalable, easily reproducable, and have everything documented so that he next guy can pick right up where you left off. Building very complex systems from the ground up is very cool...but IMO, is probably best for larger companies with money to toss into a proper staff. I always saw one of Gentoo's strongest points as being an easy way out for large companies who would want to roll their own. Unfortunately, you are one guy -- with ten systems (and I don't know how many users). Best bet for someone like you? Keep it simple.
I would suggest looking into a mainstream Linux distro that will be very easy for you to troubleshoot and maintain (I know that Gentoo is easy to maintain from an update perspective -- don't go there). There are a lot of good distributions out there, and I won't recommend any particular one.
Next step (and here's where I actually get into answering your question): Learn (bourne) shell scripting. Even if you already know shell scripting, your best bet is to learn how to do it in practical situations -- figure out which tedious tasks you tend to perform regularly and start there. The next step is to apply this knowledge to bigger jobs, that you might only perform once. While you're at shell scripting, regular expressions are of very high importance. Learn them. Finally, a higher-level language (like Perl) is very useful; especially when dealing with strings. In my earlier days of SA work, not knowing Perl was a big hinderance -- no sense writing 50 lines of shellcode when 15 lines of Perl could handle it (and faster taboot).
Anyway, that should get you started. Good luck at this gig -- and don't blow it. Good SA jobs can be tricky to come by.
OK, silly subject headers aside -- electric cars may be quiet and clean, but they're usually not as energy efficient as they may seem. A good economy car can usually rival an electric car in terms of energy efficency...and they just wreck them in terms of cost (cheaper to purchase -- due to higher production volume and the use of cheaper materials, and definitely cheaper to own -- more moving parts, but parts are made from heavier, cheaper materials, and are available in higher volume and thus, the costs are reduced).
Motorcycles can be loud, and they can be smelly, but they're probably some of the most fuel efficient vehicles on the road. I've seen 60 MPG on an old ~600cc bike pretty consistently. I don't know what a newer bike can do, but they may be better. However, there are also the issues of weather protection and cargo space...but you were the one who didn't want a big steel box, so you may be out of luck if you want weather protection and cargo capacity in any suitable vehicle (unless you want a carbon fiber monocoque car...bling bling, baby).
It sounds like you're going to have a hard time finding transportation that you're happy with. Have you considered carpooling to work?
I'm a little too skeptical to try it with my primary email address. I tend to agree that some if it may go away initially, but your verified address will eventually be sold.
No matter what you call it, VoIP is doing the same thing Telephones do. VoIP is simply moving into an existing market with new technology. As such, it needs to be regulated in the same manner as the technology it is competing with.
Is it really the same? The end service becomes is the same, however, Vonage has a critical difference. Traditional telco networks require a vast, expsnsive infrastructure. Even with the partial deregulation in the late 90's, competing telcos stil had to lease service from local telco monopolies.
VoIP is pretty different because it doesn't require the same infrastructure. Internet infrastructure is large and expensive, but doesn't require the same regulation, since it's not a government sponsored monopoly -- there are competing ISP's in most metropolitan regions.
I'm not sure that the above warrants the same type of regulation. All they're doing is replacing all of the old infrastructure with a service, using an existing infrastructure which is untaxed. By your logic, all Internet traffic should be taxed -- because that's all this is...Internet traffic.
I believe that she may have a case. Not to say that you are wrong but this is the "American Way", these days. I'd probably do the same and I'm sure that many here would.
Oh, so it's people like you that are arong with this country. Thanks, man. Way to fuck your fellow countrymen over. Personally, I wouldn't sue -- especially in her situation. She doesn't deserve a goddamn thing. While I'm on it -- neither do you. Your logic sounds like the fat people who want to blame McDonald's for their obesity. From your comment, it seems like you're one of those people who will sue anyone with deep pockets without a real claim...and feel like you deserve it. Have you any idea what the consequences of this are? Do you realize that real people lose jobs over these lawsuits? I suppose that you're all for suing all of those "rich", "greedy" doctors to drive the price of med-malpractice up and thus drive the cost of healthcare up?
The fact of the matter is that public companies are evil(tm) and deserve every bit of this. Is the company running out of money? Why do they need to go public?
Wow -- nice absolute statement there. Do you care to back it up with anything? How are all public companies evil? That is a pretty wild generalization -- don't you think? As far as why Google is going public, it's very clear. They'd rather not, but they have over 500 investors, so they have to file as if they were a public company...since they have to file, they may as well take the cash. Of course, if you read some articles before forming an opinion, you'd already know this. Pff.
Greed is the only reason that they are going public. Nothing more. They deserve every bit of what they get.
Do you have anything to back that up? From what I read, it actually sounds quite different...but I guess you don't bother to read newspapers and analyses or anything, hmm?
I'm gonna stop you right there, because, well, Michael Moore is a partisan, sensationalistic idiot. Also, you misspelled "fictional comedy" in your quote above - I highlighted the misspelling for you.
Look, there's no question that there were some inaccuracies in his film. Frankly, everything that he says needs to be taken with a grain of salt -- but he does make some interesting points about fear in America (among other things). Taken for what it is (and not who is saying it, and outside of the B.S.), he really makes some interesting, thought-provoking points.
Of course, that's even better, because we can berate them for installing patches without testing, and we can berate them for not patching in hour 1 and getting a virus. Lamers.
I'm beginning to feel like abroken record here. First -- what software does the patch break? Anything? Anything shrinkwrapped? Did the admins test the patch? If it really broke something, what about all the workarounds mentioned in the bugtraq (and other) advisories?
Finally, we're not talking about patching within an hour. We're talking (in this case, it depends on which patch) between 1-4 weeks.
For all the hoopla, I'd sooner trust a patched, secured(no shares, etc...) Windows 98 machine on a broadband connection than a similarly patched, secured 2k or XP machine. How many of these self-propogating worms existed before 2k introduced the complexities of the NT system?
The system is more complex because that's what the market demands. If we all used Commodore 64's we'd be secure as hell, because the only way in is via 1200 baud dialup. Now that we have high speed broadband connections, as well as tons of Internet connectivity in our homes, as well as every other integrated bell and whistle imaginable -- operating systems have become bigger and more complex. It's not just Windows, it's every modern OS (with a few exceptions). None of these widespread self-propigating worms could exist before a large percentage of homes and businesses were hooked into a high-speed always-on Internet connection.
I'm not being pro-Microsoft here -- I'm just being anti-bullshit. Let's try to be objective about this.
But I would venture to guess that their IT admins are like the admins around here who find that the new security patches often break some other functionality that they're using.
So it's just a choice of being dead in the water one way (no functionality) or dead in the water another way (sploit puts Windows box into constant reboot)...
I've seen this reasoning over and over again. Maybe I'm not looking carefully enough, but what software is this patch actually breaking? The only software that I've heard of that's broken by Microsoft's first patch are custom applications. I'm not sure about the second patch. If an orginization has significant fundage to build, run, and maintain custom apps, then they can surely afford an admin team who is worth their salt enough to research and implement a workaround. It's possible, and is already documented (the best way to prevent this is by utilizing internal firewalls -- not just a border firewall). For 99.9% of organizations out there, I reject the "excuse" that the patch breaks applications as a reason to be dead in the water (...and I'm sure that there are a few exceptions -- there always are).
There's more to adminning than obsessive compulsive security research. Every admin I've ever met who was out there actually earning his paycheque had ten thousand better things to do than putt around slashdot or bugtraq reading up on the latest worm.
That's one of the dumbest things I've ever heard. Of course there's more to the job than research, but it's definitely a big part of the job. How are you supposed to adequately keep your systems patched if you're not actively researching new issues? Research is part of the job. Keeping current is also part of the job. If security is important to your company, then that's part of the job. If it's not an important part of the job, then stop whining about what happens when you don't act properly. If you're overworked -- it's not my problem, and it's not Microsoft's fault. The point is that people need to stop blaming everyone else for their own problems, organizational or otherwise. Companies have to pay to play -- and it's not Microsoft's fault if you or your organization can't provide.
'course, this doesn't matter, since you're being self-righteous. Don't let me get in your way. By all means, keep whining. It's not like the worlds largest software company makes enough profit to start a true security initiative, starting with innovative new designs to stop security holes before they start or anything. Nope, software is insecure, period. It's our fault that microsoft can't get it right the first time. Yup.
On the contrary, I believe that you may be a little self-righteous as well. All I'm saying is that it's the admin team's responsibility to make themselves aware of, and assess security risks. These things do not find and report themselves...nobody else is more qualified. It's not a perfect world, and bugs will always be found, even if Microsoft does take a proactive OpenBSD-style approach -- security holes will still be found (even OpenBSD has vulnerabilities). I'm not suggesting that it's our fault that Microsoft can't get it right the first time. You are insane if you took that away from my post. I'm saying that there is no such thing as 100% bug free software. It doesn't exist -- period. If you roll out software with the expectation that it is 100% bug free, the consequences resulting from such an action are your fault. Why would Microsoft be culpible for your ignorance?
If you have a good idea for an amazing, innovative design that magicly stops security holes before they become a problem...by all means, it's a free market. Go nuts. Frankly, I think you're insane if that's the standard that you hold developers to. Nobody does this. Nobody has figured out how to. Back here in the real world, we research security holes and patch them when a patch is available.
My friend, if you are indeed an admin, you need to grow up and take responsibility for your part instead of finding the guy with the deepest pockets and the worst reputation and pointing your finger there.
Yes, in a hostile environment such as a computer network, administrators are responsible for ensuring the systems are adequately locked down from attacks, and we can call them silly if they don't, but that in no way gives an attacker more rights to invade the computers therein.
I'm not saying that an attacker has a right to invade anything. However, people need to accept responsibility for not taking precautions. Why do people have to blame something else for everything that happens? We live in a hostile world...be vigilant.
People DON"T patch Windows boxen because patches are well known to often cause problems. With FOSS, patches rarely if ever cause problems, and never cause problems in unrelated areas -- upgrading Apache doesn't break mail
I run both F/OSS and Windows systems...and I've run all kinds of F/OSS systems. I've run both in a number of different environments. You are wrong about F/OSS patches. Shared libraries are what they are -- if you make a change in a library that lots of applications use, things can break, regardless of the OS. I've seen glibc patches break a number of things in RH. It happens. Just because we use OSS doesn't mean that our shit doesn't stink. The blame certainly doesn't fall in Microsoft's court.
What applications did the patch break? Some custom-built internal application at someone's company? Well, if they have cash for that, they can afford a systems/network administrator who can actually read the security advisories, look at the proposed workarounds and fix their internal firewalls to stop traffic from this worm. In the business world, you've gotta pay to play, my friend.
If you run a Microsoft system, and you fail to patch a Microsoft system because you "don't trust Microsoft's patches" and your systems get hosed, it's your fault. It couldn't be any more simple. If you don't like that your CTO decided on Microsoft, find another job that doesn't require you to work with it. If you don't trust their system in the first place, why would you ever run it? I'm amazed by your logic here.
wholeheartedly agree with you that ignorance keeps worms alive. But it seems to me that our automobile analogy illustrates what my point. When you drive a car you do need to know how to fix a flat, but you shouldn't have to know how to fix your engine in order to use the car. If my grandmother wants to use email, the Web, and Microsoft Office on occasion, should she have to get a certification in order to do so?
Right -- we're talking about basic security precautions Vs. building a custom kernel (or rolling your own patch). Just like changing a tire Vs. fixing your engine to keep the car running.
The fact is that computers are intertwined with our everyday lives to an enormous degree, yet networked systems are fundamentally unstable and prone to attack.
Correct again -- and part of my point is that it's kind of dumb to blindly point a finger and say "it's Microsoft's fault". It's not. Every operating system has vulnerabilities. It's not fair that responsibility has to fall on the user, and it's not fair that systems are getting more and more complicated and harder to keep current with. It's an unfortunate situation, but to blame the person with the deepest pockets isn't fair either.
If you drove your car and it broke down every five miles, would you blame yourself for not having the wherewithall to fix a cracked head gasket, or would you blame the manufacturer?
It depends -- did I forget to add coolant? Then it's my fault. If the car is brand-spaking new, then it has a new-car warranty and I can get it fixed under warranty. I've still gotta take the car to the dealer (unless it's a Lexus where they pick up your car and drop off a loaner for you...but I digress). But the point is that Microsoft provides a fix, and it is the user's responsibility to apply it. They don't have to understand what it does. My mother doesn't understand any of this stuff -- but she's still able to apply these patches -- the OS finds patches to install and does it for her (it's built-in to Windows). I'm fully aware that this doesn't work in all types of situations, like in a large corporate environment, but that's a separate argument with a separate answer.
sysad role (the "office computer guy" for example) have very uneven education. But should we be blaming them because they're trying to get things done with their computers and might not be as capable as we'd like them to be?
We should absolutely blame them. If they can't get the job done, in this job market, there are literally thousands of people in line that can get it done.
We are definitely all in it together, but my feeling is that the people who develop operating systems are like engineers, in that they should be held to a higher standard of performance than a layman. But computer science isn't nearly as evolved as the engineering profession, and as a result, we all suffer with systems that are profoundly flawed.
This is a very, very good point -- probably the most intelligent thing I've read all day. The problem may be that the market moves really fast. There is a demand to get applications out the door yesterday -- because if companies wait to release, their product becomes obselete. There are a variety of other problems, but this one seems to stick out. For mission critical applications...and even moreso where peoples lives literally depend on an application working (think air traffic control, pacemakers), developers are certainly held responsible. I remember having to sign off on a clause in MS' EULA that affirmed this point (it was in the earlier versions of Windows NT -- it's probably sill buried within their EULA). End user software is generally treated with a more cavalier attitude -- in part (probably) to keep costs down but the rush to market plays a huge part in that. Even in OSS, when
The patch was available, yes. But unfortunately as with most Windows patches,
they release an omnibus that changes library code that can affect virtually
any other application and service on the system. This one did,
too; it was very buggy.
Most *nix-based software doesn't have this problem. Unless it is something
like the kernel or glibc being fixed, a patch to one service has almost
no chance of causing problems in other services.
That is the downside of the "seamless integration" that Microsoft
so often trumpets, and that is why Windows sucks for maintainability.
It is also the reason that no one should listen to Microsoft patch-whiners
(like you?).
Oh, come on. Look, if you're in a business running custom apps and you find a security advisory with a patch that you don't have time to test before you apply -- most security advisories have information for workarounds. Any admin worth their salt will be able to read these and plan for the worst. That's why they're paid the big bucks. How long have you been doing this for? Can anyone accept responsibility for anything anymore?
And seamless integration? This integration is between Microsoft apps and the OS -- and Microsoft patches don't usually break Microsoft apps. These apps are either third-party, or custom. You're whining about somethign that isn't necessarily Microsoft's problem. Furthermore, I've had first-hand experience with RedHat's Glibc breaking stuff (which you did mention). A patch to any shared library has an equal chance of breaking something that uses it...regardless of the operating system. It's because of the library, the application which uses it, or both. Changes break things -- I've worked in software development, I've worked in change management -- it's a fact of life. I prefer using *nix...but I don't pretend that just because I use it, my shit doesn't stink. You're whining because you can't find a workaround -- because you can't tie down your internal routers to stop malignant packets. Stop blaming Microsoft for all of the world's problems and open your eyes. I don't care for Microsoft's software or business practices either -- but you know what? Whining about it isn't going to make it go away...and blindly blaming Microsoft every time something goes wrong is just ignorant.
Your argument is like saying it's the womans fault for being raped just because she doesn't carry pepper spray, or never took a self-defense course.
What if that woman is in a dangerous neighborhood wearing nothing but high heels, a black lace thong, and a bra? It's not her fault per se -- but she sure as hell could have done something to prevent it from happenning. In this case, she needs to accept responsibility for not taking precautions. The rapist is the bastard who commited the heinous act -- he's clearly the bastard in the situation. He is to blame...but responsibility? The situation could have been avoided. Just like I shouldn't walk down the street in a shady neighborhood with a clip full of $100 bills hanging out of my pocket. It's inviting trouble. I've got news -- your computer is in a dangerous neighborhood. You've gotta patch your security holes (no pun intended) and start putting some clothes on so your computer doesn't get hosed. Your analogy isn't really fair either...it would only be fair if your proposed rape victim immeadately became a serial rapist after being violated.
Either make a secure OS in the beginning, or have the OS patch itself.
Obviously, the former is impossible. Computers are vulnerable -- and there is no such thing as bug-free code. I want to say that again, because you seem to imply that such a thing is possible...there is no such thing as bug-free code. Windows can patch itself (as most other modern OS'es can). You just have to turn it on. Is it Microsoft's fault if you don't know how to turn it on? No -- just like it's not Ford's fault if you don't know how to change a tire.
As for your example, it's completely antecdotal. What virus/worm were they infected by? How did they get it? How could have they prevented it? Obviously, there has to be some way. And your teachere does need to worry about patching his system...otherwise he wouldn't be in this mess. I've got news for you...viruses and worms will not go away. It sucks -- I know. But sitting there, blaming the people for writing them and not taking precautions is unwise. With that attitude, many more people will fall victim.
don't need to knock down this ID10T's rantings point by point, it has already been done before s/he/it even posted.
Maybe they weren't effective. Maybe I don't buy it. Maybe you can't effectively knock my points down. Unfortunately for you, there's no consensus at Slashdot. Nice try on the anonymous though.
f you have mod points, knock the parent down to size (-1), and s/he/it better hope I don't have mod points when I get home or I'll mod down other posts by this slack-jawed, drooling lump of unworthy clay.
Pahahahaha! Bring it on. I could care less about Slashdot karma.
First of all, there are exceptions to everything. Nothing is absolute.
In essence, all this I blame on... well not me.
Well, that's very convenient. If you're in charge of the network, you should accept some responsibilty. You should have been reading up on this -- you should have been reading up on how to stop the internal trafficing of this worm. And right now, you should at least be asking yourself "how can I stop this from happenning again". To not accept any responsibility for your part in this is reckless. You should be informed as to your IT strategy. You should be proactive and asking questions like: How much downtime is acceptable? What will we have to spend to get to that point? Is it worth it? Is there a compromise that we can make so it is worth it? What are the risks? Do we have the IT staff to maintain that kind of infrastructure? Can we afford it? If you are not in a position to make these decisions, but are "in the know" enough to think about this stuff, then it's probably part of your job to bring these questions to someone who can make these decisions.
If you piss off enough people, people will push back. MS pisses off a lot of people.
aah -- the mantra of the free enterprise. I hear you, I agree, and I believe it. Microsoft will eventually go away.
well I learned one thing, personal firewalls on windows, are becoming a nessicity.
Indeed, in fact, this is very important: a gateway firewall != security. Not by a long shot.
Microsoft sells its products as if 12 y/o can administrate it, knowladge where it is needed about security and firewalls, is not properly taught.
MS admins generally are busy reinstalling laptops, updating MS office, cleaning up after McAfee detected Yet Another Virus.
In both cases, you are blaming the structure of how a business is run. In the former case, a CTO should know better than to believe that Windows just runs itself with a 12-year-old at the helm...that's why they're a CTO. That CTO should hire competant admins, and they should know what to look for. In the latter case, that a problem with how IT is implemented within a company. How can Microsoft possibly be responsible for that?
I think you may have taken exception in part because I appeared to be bashing MCSE's. That's not what I was trying to do. The example I used was trying to call out the vast number of MCSE's out there and show that because of the size of the pool, there are going to be a large number of dumbasses out there. The point is (through all of this) is that it's not entirely Microsoft's fault. It might not be your fault -- but someone in your organization clearly is...and it's not as simple as blaming the guy who chose Microsoft for choosing Microsoft.
Slashdot Mirror
I don't know which is worse -- the "Let's do nothing" mentality, or the let's panic NOW (and blame our problems on SUV's) mentality. Both the naysayers and the alarmists (at least, the vocal ones) seem pretty irrational. The fact is that there's gotta be some middle ground because the fact is that we don't know. For every bit of evidence, there's contradictory evidence (ie historical trends). For every bit of contradictory evidence, there's something else showing that it's possible and/or happenning now.
I just with that we could all think rationally about this and put some of the emotion aside (no, I'm not holier than anyone else...I can get charged up about this too). It seems that both extremes are...well...dumb.
Let's see here...what do contractors bring to the table on an RFP-based project: Actual accountability, maybe? Less bloat? Less beaurocracy? All of the above?
You're taking my post waaaaaay out of context. Where did I ever say that because contractors made it happen, it was any less great? The point I was trying to make was the opposite -- it wasn't executed by the government (like the Internet). It was done by people who were actually accountable for something.
The point is that the example of something great that was done by the government wasn't really. It was a government initiative. There is a difference. If the project was managed by the federal government, the chance of failure would have been far greater, since they're not as accountable. Perhaps you're not reading this inside of the context of the thread?
No, they didn't develop the Internet. They paid private contractors to develop the Internet. There's quite a difference.
I didn't say anything about stability.
Without getting into a flame war (I won't reply to flames) -- I'd suggest thinking long and hard about installing Gentoo on 10 machines running an existing environment. By all means, install it on your home computer(s). It's quite flexible and is perhaps one of the coolest Linux distros that I've ever worked with.
Presumably, these Linux boxes are actually doing something useful, and they're important to the company that you're working for. I also presume that you'll be leaving the company in 18 months when you finish up your undergrad degree. Now, if you move to a semi-obscure distro like Gentoo, you will leave them with Gentoo. How many admins really know the ins and outs of Gentoo as well as they know some of the more popular distributions like RH, SUSE, Debian, etc? They may have a difficult time finding a competent SA to run those Gentoo boxes...they'll curse your name.
For many (and I'd say that these are the more forward-thinking competent SA's) a large part of systems administration is building an environment that's scalable, easily reproducable, and have everything documented so that he next guy can pick right up where you left off. Building very complex systems from the ground up is very cool...but IMO, is probably best for larger companies with money to toss into a proper staff. I always saw one of Gentoo's strongest points as being an easy way out for large companies who would want to roll their own. Unfortunately, you are one guy -- with ten systems (and I don't know how many users). Best bet for someone like you? Keep it simple.
I would suggest looking into a mainstream Linux distro that will be very easy for you to troubleshoot and maintain (I know that Gentoo is easy to maintain from an update perspective -- don't go there). There are a lot of good distributions out there, and I won't recommend any particular one.
Next step (and here's where I actually get into answering your question): Learn (bourne) shell scripting. Even if you already know shell scripting, your best bet is to learn how to do it in practical situations -- figure out which tedious tasks you tend to perform regularly and start there. The next step is to apply this knowledge to bigger jobs, that you might only perform once. While you're at shell scripting, regular expressions are of very high importance. Learn them. Finally, a higher-level language (like Perl) is very useful; especially when dealing with strings. In my earlier days of SA work, not knowing Perl was a big hinderance -- no sense writing 50 lines of shellcode when 15 lines of Perl could handle it (and faster taboot).
Anyway, that should get you started. Good luck at this gig -- and don't blow it. Good SA jobs can be tricky to come by.
OK, silly subject headers aside -- electric cars may be quiet and clean, but they're usually not as energy efficient as they may seem. A good economy car can usually rival an electric car in terms of energy efficency...and they just wreck them in terms of cost (cheaper to purchase -- due to higher production volume and the use of cheaper materials, and definitely cheaper to own -- more moving parts, but parts are made from heavier, cheaper materials, and are available in higher volume and thus, the costs are reduced).
Motorcycles can be loud, and they can be smelly, but they're probably some of the most fuel efficient vehicles on the road. I've seen 60 MPG on an old ~600cc bike pretty consistently. I don't know what a newer bike can do, but they may be better. However, there are also the issues of weather protection and cargo space...but you were the one who didn't want a big steel box, so you may be out of luck if you want weather protection and cargo capacity in any suitable vehicle (unless you want a carbon fiber monocoque car...bling bling, baby).
It sounds like you're going to have a hard time finding transportation that you're happy with. Have you considered carpooling to work?
I'm a little too skeptical to try it with my primary email address. I tend to agree that some if it may go away initially, but your verified address will eventually be sold.
Is it really the same? The end service becomes is the same, however, Vonage has a critical difference. Traditional telco networks require a vast, expsnsive infrastructure. Even with the partial deregulation in the late 90's, competing telcos stil had to lease service from local telco monopolies.
VoIP is pretty different because it doesn't require the same infrastructure. Internet infrastructure is large and expensive, but doesn't require the same regulation, since it's not a government sponsored monopoly -- there are competing ISP's in most metropolitan regions.
I'm not sure that the above warrants the same type of regulation. All they're doing is replacing all of the old infrastructure with a service, using an existing infrastructure which is untaxed. By your logic, all Internet traffic should be taxed -- because that's all this is...Internet traffic.
Probably, but going down will never catch on in the geek world...unless you can enter your initials after you get a high score.
Oh, so it's people like you that are arong with this country. Thanks, man. Way to fuck your fellow countrymen over. Personally, I wouldn't sue -- especially in her situation. She doesn't deserve a goddamn thing. While I'm on it -- neither do you. Your logic sounds like the fat people who want to blame McDonald's for their obesity. From your comment, it seems like you're one of those people who will sue anyone with deep pockets without a real claim...and feel like you deserve it. Have you any idea what the consequences of this are? Do you realize that real people lose jobs over these lawsuits? I suppose that you're all for suing all of those "rich", "greedy" doctors to drive the price of med-malpractice up and thus drive the cost of healthcare up?
Wow -- nice absolute statement there. Do you care to back it up with anything? How are all public companies evil? That is a pretty wild generalization -- don't you think? As far as why Google is going public, it's very clear. They'd rather not, but they have over 500 investors, so they have to file as if they were a public company...since they have to file, they may as well take the cash. Of course, if you read some articles before forming an opinion, you'd already know this. Pff.
Do you have anything to back that up? From what I read, it actually sounds quite different...but I guess you don't bother to read newspapers and analyses or anything, hmm?
Oh, totally.
Look, there's no question that there were some inaccuracies in his film. Frankly, everything that he says needs to be taken with a grain of salt -- but he does make some interesting points about fear in America (among other things). Taken for what it is (and not who is saying it, and outside of the B.S.), he really makes some interesting, thought-provoking points.
I'm beginning to feel like abroken record here. First -- what software does the patch break? Anything? Anything shrinkwrapped? Did the admins test the patch? If it really broke something, what about all the workarounds mentioned in the bugtraq (and other) advisories?
Finally, we're not talking about patching within an hour. We're talking (in this case, it depends on which patch) between 1-4 weeks.
The system is more complex because that's what the market demands. If we all used Commodore 64's we'd be secure as hell, because the only way in is via 1200 baud dialup. Now that we have high speed broadband connections, as well as tons of Internet connectivity in our homes, as well as every other integrated bell and whistle imaginable -- operating systems have become bigger and more complex. It's not just Windows, it's every modern OS (with a few exceptions). None of these widespread self-propigating worms could exist before a large percentage of homes and businesses were hooked into a high-speed always-on Internet connection.
I'm not being pro-Microsoft here -- I'm just being anti-bullshit. Let's try to be objective about this.
I've seen this reasoning over and over again. Maybe I'm not looking carefully enough, but what software is this patch actually breaking? The only software that I've heard of that's broken by Microsoft's first patch are custom applications. I'm not sure about the second patch. If an orginization has significant fundage to build, run, and maintain custom apps, then they can surely afford an admin team who is worth their salt enough to research and implement a workaround. It's possible, and is already documented (the best way to prevent this is by utilizing internal firewalls -- not just a border firewall). For 99.9% of organizations out there, I reject the "excuse" that the patch breaks applications as a reason to be dead in the water (...and I'm sure that there are a few exceptions -- there always are).
That's one of the dumbest things I've ever heard. Of course there's more to the job than research, but it's definitely a big part of the job. How are you supposed to adequately keep your systems patched if you're not actively researching new issues? Research is part of the job. Keeping current is also part of the job. If security is important to your company, then that's part of the job. If it's not an important part of the job, then stop whining about what happens when you don't act properly. If you're overworked -- it's not my problem, and it's not Microsoft's fault. The point is that people need to stop blaming everyone else for their own problems, organizational or otherwise. Companies have to pay to play -- and it's not Microsoft's fault if you or your organization can't provide.
On the contrary, I believe that you may be a little self-righteous as well. All I'm saying is that it's the admin team's responsibility to make themselves aware of, and assess security risks. These things do not find and report themselves...nobody else is more qualified. It's not a perfect world, and bugs will always be found, even if Microsoft does take a proactive OpenBSD-style approach -- security holes will still be found (even OpenBSD has vulnerabilities). I'm not suggesting that it's our fault that Microsoft can't get it right the first time. You are insane if you took that away from my post. I'm saying that there is no such thing as 100% bug free software. It doesn't exist -- period. If you roll out software with the expectation that it is 100% bug free, the consequences resulting from such an action are your fault. Why would Microsoft be culpible for your ignorance?
If you have a good idea for an amazing, innovative design that magicly stops security holes before they become a problem...by all means, it's a free market. Go nuts. Frankly, I think you're insane if that's the standard that you hold developers to. Nobody does this. Nobody has figured out how to. Back here in the real world, we research security holes and patch them when a patch is available.
My friend, if you are indeed an admin, you need to grow up and take responsibility for your part instead of finding the guy with the deepest pockets and the worst reputation and pointing your finger there.
I'm not saying that an attacker has a right to invade anything. However, people need to accept responsibility for not taking precautions. Why do people have to blame something else for everything that happens? We live in a hostile world...be vigilant.
I run both F/OSS and Windows systems...and I've run all kinds of F/OSS systems. I've run both in a number of different environments. You are wrong about F/OSS patches. Shared libraries are what they are -- if you make a change in a library that lots of applications use, things can break, regardless of the OS. I've seen glibc patches break a number of things in RH. It happens. Just because we use OSS doesn't mean that our shit doesn't stink. The blame certainly doesn't fall in Microsoft's court.
What applications did the patch break? Some custom-built internal application at someone's company? Well, if they have cash for that, they can afford a systems/network administrator who can actually read the security advisories, look at the proposed workarounds and fix their internal firewalls to stop traffic from this worm. In the business world, you've gotta pay to play, my friend.
If you run a Microsoft system, and you fail to patch a Microsoft system because you "don't trust Microsoft's patches" and your systems get hosed, it's your fault. It couldn't be any more simple. If you don't like that your CTO decided on Microsoft, find another job that doesn't require you to work with it. If you don't trust their system in the first place, why would you ever run it? I'm amazed by your logic here.
Right -- we're talking about basic security precautions Vs. building a custom kernel (or rolling your own patch). Just like changing a tire Vs. fixing your engine to keep the car running.
Correct again -- and part of my point is that it's kind of dumb to blindly point a finger and say "it's Microsoft's fault". It's not. Every operating system has vulnerabilities. It's not fair that responsibility has to fall on the user, and it's not fair that systems are getting more and more complicated and harder to keep current with. It's an unfortunate situation, but to blame the person with the deepest pockets isn't fair either.
It depends -- did I forget to add coolant? Then it's my fault. If the car is brand-spaking new, then it has a new-car warranty and I can get it fixed under warranty. I've still gotta take the car to the dealer (unless it's a Lexus where they pick up your car and drop off a loaner for you...but I digress). But the point is that Microsoft provides a fix, and it is the user's responsibility to apply it. They don't have to understand what it does. My mother doesn't understand any of this stuff -- but she's still able to apply these patches -- the OS finds patches to install and does it for her (it's built-in to Windows). I'm fully aware that this doesn't work in all types of situations, like in a large corporate environment, but that's a separate argument with a separate answer.
We should absolutely blame them. If they can't get the job done, in this job market, there are literally thousands of people in line that can get it done.
This is a very, very good point -- probably the most intelligent thing I've read all day. The problem may be that the market moves really fast. There is a demand to get applications out the door yesterday -- because if companies wait to release, their product becomes obselete. There are a variety of other problems, but this one seems to stick out. For mission critical applications...and even moreso where peoples lives literally depend on an application working (think air traffic control, pacemakers), developers are certainly held responsible. I remember having to sign off on a clause in MS' EULA that affirmed this point (it was in the earlier versions of Windows NT -- it's probably sill buried within their EULA). End user software is generally treated with a more cavalier attitude -- in part (probably) to keep costs down but the rush to market plays a huge part in that. Even in OSS, when
Oh, come on. Look, if you're in a business running custom apps and you find a security advisory with a patch that you don't have time to test before you apply -- most security advisories have information for workarounds. Any admin worth their salt will be able to read these and plan for the worst. That's why they're paid the big bucks. How long have you been doing this for? Can anyone accept responsibility for anything anymore?
And seamless integration? This integration is between Microsoft apps and the OS -- and Microsoft patches don't usually break Microsoft apps. These apps are either third-party, or custom. You're whining about somethign that isn't necessarily Microsoft's problem. Furthermore, I've had first-hand experience with RedHat's Glibc breaking stuff (which you did mention). A patch to any shared library has an equal chance of breaking something that uses it...regardless of the operating system. It's because of the library, the application which uses it, or both. Changes break things -- I've worked in software development, I've worked in change management -- it's a fact of life. I prefer using *nix...but I don't pretend that just because I use it, my shit doesn't stink. You're whining because you can't find a workaround -- because you can't tie down your internal routers to stop malignant packets. Stop blaming Microsoft for all of the world's problems and open your eyes. I don't care for Microsoft's software or business practices either -- but you know what? Whining about it isn't going to make it go away...and blindly blaming Microsoft every time something goes wrong is just ignorant.
What if that woman is in a dangerous neighborhood wearing nothing but high heels, a black lace thong, and a bra? It's not her fault per se -- but she sure as hell could have done something to prevent it from happenning. In this case, she needs to accept responsibility for not taking precautions. The rapist is the bastard who commited the heinous act -- he's clearly the bastard in the situation. He is to blame...but responsibility? The situation could have been avoided. Just like I shouldn't walk down the street in a shady neighborhood with a clip full of $100 bills hanging out of my pocket. It's inviting trouble. I've got news -- your computer is in a dangerous neighborhood. You've gotta patch your security holes (no pun intended) and start putting some clothes on so your computer doesn't get hosed. Your analogy isn't really fair either...it would only be fair if your proposed rape victim immeadately became a serial rapist after being violated.
Obviously, the former is impossible. Computers are vulnerable -- and there is no such thing as bug-free code. I want to say that again, because you seem to imply that such a thing is possible...there is no such thing as bug-free code. Windows can patch itself (as most other modern OS'es can). You just have to turn it on. Is it Microsoft's fault if you don't know how to turn it on? No -- just like it's not Ford's fault if you don't know how to change a tire.
As for your example, it's completely antecdotal. What virus/worm were they infected by? How did they get it? How could have they prevented it? Obviously, there has to be some way. And your teachere does need to worry about patching his system...otherwise he wouldn't be in this mess. I've got news for you...viruses and worms will not go away. It sucks -- I know. But sitting there, blaming the people for writing them and not taking precautions is unwise. With that attitude, many more people will fall victim.
Maybe they weren't effective. Maybe I don't buy it. Maybe you can't effectively knock my points down. Unfortunately for you, there's no consensus at Slashdot. Nice try on the anonymous though.
Pahahahaha! Bring it on. I could care less about Slashdot karma.
First of all, there are exceptions to everything. Nothing is absolute.
Well, that's very convenient. If you're in charge of the network, you should accept some responsibilty. You should have been reading up on this -- you should have been reading up on how to stop the internal trafficing of this worm. And right now, you should at least be asking yourself "how can I stop this from happenning again". To not accept any responsibility for your part in this is reckless. You should be informed as to your IT strategy. You should be proactive and asking questions like: How much downtime is acceptable? What will we have to spend to get to that point? Is it worth it? Is there a compromise that we can make so it is worth it? What are the risks? Do we have the IT staff to maintain that kind of infrastructure? Can we afford it? If you are not in a position to make these decisions, but are "in the know" enough to think about this stuff, then it's probably part of your job to bring these questions to someone who can make these decisions.
aah -- the mantra of the free enterprise. I hear you, I agree, and I believe it. Microsoft will eventually go away.
Indeed, in fact, this is very important: a gateway firewall != security. Not by a long shot.
In both cases, you are blaming the structure of how a business is run. In the former case, a CTO should know better than to believe that Windows just runs itself with a 12-year-old at the helm...that's why they're a CTO. That CTO should hire competant admins, and they should know what to look for. In the latter case, that a problem with how IT is implemented within a company. How can Microsoft possibly be responsible for that?
I think you may have taken exception in part because I appeared to be bashing MCSE's. That's not what I was trying to do. The example I used was trying to call out the vast number of MCSE's out there and show that because of the size of the pool, there are going to be a large number of dumbasses out there. The point is (through all of this) is that it's not entirely Microsoft's fault. It might not be your fault -- but someone in your organization clearly is...and it's not as simple as blaming the guy who chose Microsoft for choosing Microsoft.