Slashdot Mirror


User: void*

void*'s activity in the archive.

Stories: 0
Comments: 246

Comments · 246

  1. Re:Sounded cruel at the time. on When Sysadmins Go Bad · · Score: 1

    If your company allows you to be the only person that knows the admin/root password, then I honestly think your company (or perhaps just your management) is a little bit irresponsible.

    If you were to go bad, or quit without giving out the password, or die, your company would be in a world of hurt.

    On the other hand, could the fact that they let you keep the admin password all to yourself be an indication that your systems are unimportant? ;)

  2. Re:Not possible... on When Sysadmins Go Bad · · Score: 1

    The truth about procedures is they are in place to reduce the likelihood of a screwup, to reduce the damage, and increase the chances of detection.

    I agree with this completely, that was actually my point -> perhaps I read the 'make sure' in "make sure the problem isn't made worse, there is a rollback, security isn't compromised, and the change is documented." a little too literally.

  3. Re:Sounded cruel at the time. on When Sysadmins Go Bad · · Score: 1

    but I'd just figure I mistyped my password a few times and go in on the admin account and unlock myself!

    I can tell you how it will go down -> they'll have one of the techs change the admin password ;)

  4. Re:What nonsense. on When Sysadmins Go Bad · · Score: 1

    You're assuming that both the person that caused the mess and the person that put the procedures in place are both idiots ;) If one extremely intelligent person can cause that much mess, there may have been an idiot or a non-idiot that failed/succeeded to put some reasonably acceptable version of 'proper procedures' in place.

  5. Re:Not possible... on When Sysadmins Go Bad · · Score: 2, Insightful

    Suppose I pre-prepare a security compromising change with the express intent of waiting for the fire, so I can slip it in with a fix, and I slip it in while fixing something that has -nothing to do with the security compromising change- (i.e., the review wouldn't catch it because the reviewer wouldn't think to look in that portion of the system/code/etc)? The fix is still documented, procedures were still followed, there is a rollback, yet security would still be compromised, no? (Note that I'm not saying that it wouldn't be hard, just that it's possible).

  6. Re:Sheesh! on When Sysadmins Go Bad · · Score: 5, Insightful

    Now wait a minute

    Examples of good procedures could be. *Systems provide automated roll back.

    This isn't a procedure. This is a potential feature of the system itself. When I was a unix admin, I versioned config files, because unix doesn't provide automatic versioning of files, allowing rollback of config changes. However, as the person who set up the versioning system, if I had gone bad I would have been able to sabotage the files under revision control as well. Unless the system itself enforces this (i.e, the system keeps all versions of all files and does not allow an admin to change, in any manner, old versions), this sort of precaution can be bypassed.

    *Changes can only be applied through a script that is run by xyz and required GOD access (say knowledge of a password that changes daily)

    This, also, sounds good. However, on some Unix systems, at least, there have been issues with setuid scripts related to how the system loads and executes them, allowing race conditions that can lead to root access. Note that the issue I'm talking about is -not- a bug in the script, but rather a side effect of how #! loading is handled by some systems. A large percentage of the Unix S.A.s I know rightly disallow the use of setuid scripts for this reason, and the fact that it's easy to write a script that allows things like /tmp races and other bugs that lead to root access and/or clobbering of files.

    *System should be configured to audit any changes that take place.

    Again, not a procedure, but a potential feature of the system. If the system doesn't allow this directly, how do you propose to implement it?

    *A review process, whereby any changes are reviewed by another member of staff

    "Hey Dave, I'm sabotaging the system -- Can you review my change for me? Thanks!" - Do you really think someone's going to let a change like that get into the queue for a review process? Are you advocating a line-by-line code/config review of -everything- every single time a change is made, and do you realize how impractical that is, especially if the deployed system is complex or the number of deployed machines is large? Do you understand that it is possible to make a change that cannot be reviewed?

    You can do things to attempt to prevent this sort of thing, but you have to understand that there is no procedural solution for this problem -> the best you can do is reduce the odds that someone can do this and not get caught. This is a laudable goal, but, while in pursuit of this goal, the practical limitations need to be kept in sight.

    The moral of the story is, it's very easy to post on Slashdot saying 'x, y, and z would have prevented this', with x, y, and z being impractical/impossible to implement, and through some twist of logic, come to a conclusion such as:

    the sysadmin was bad the company was useless, I'm not surprised he quit and tried to take the company down.

  7. Take advantage of the throttle? on Throttling Computer Viruses · · Score: 2, Interesting

    It sounds great, however, it looks like they tested against a virus that makes connections as fast as it can. What happens when someone writes a virus that attempts to take advantage of any such system?

    For example, intentionally make connections at a decreased rate. It gives you a couple of (probable) advantages -> You'd slide by the detection aspect of this (No backlog of connections), You'd spread slower, but you could make that work to your advantage -> a slower spread can mean longer time until detection, which may mean more hosts infected. Also, if this works as the article states, you could eventually make it so that the hosts you were connecting to were -not- throttled (Say you're getting ready to propagate a DDOS attack virus).

    This would catch most virus/worms as they are written -now-, but as soon as this is widely deployed, someone will write a virus or worm that sneaks around it, by avoiding the behavior it's looking for.

  8. Re:Big deal, Windows is the wrong paradigm for cel on Sendo Can't Get Microsoft Source; Ditches Windows · · Score: 2, Interesting

    This is because a Cisco CCIE certification actually /means/ something. I've known a CCIE or three, and they've all told me that there's a lab test where the instructors are running around breaking the network, and to pass the test, you have to fix it real time. This is a far cry from MSIE, where you can pass the written test and still not know anything about how to fix issues in the real world.

  9. Re:old-fashioned mentality on Open Source More Expensive In the Long Run? · · Score: 1

    If I'm missing the point, it's because you never made it.

    Beyond that, however, I think it is absurd to allow you to take someone else's work and sell it without compensating the original author -- or even worse, give it away to an unrelated third party.

    Nowhere in that do you discuss third-parties advocating that you release your source GPL. On that score, I agree with you.. Ignore them if that's not the license you want to use. On the flip side, if they want to advocate a free solution over yours, that's their prerogative... you'd better make your product worth paying for. :)

  10. Re:old-fashioned mentality on Open Source More Expensive In the Long Run? · · Score: 1

    Beyond that, however, I think it is absurd to allow you to take someone else's work and sell it without compensating the original author

    It's not absurd if that's what the copyright holder intended. If I want someone to be able to take my work and sell it or give it (or add to it) without compensating me, I don't see why you should think that you have a say in the matter, because it's my work. What you should really say, is that you don't want someone taking your work and selling it without compensating you. That's perfectly OK, just don't GPL your code, use a license that lets whoever you sell it to modify the source as long as they don't distribute it (or binaries).

  11. Re:Where does the momentum go? on Laser Shoots Down Artillery Shell In Flight · · Score: 1

    Or, perhaps it's a laser capable of emitting a beam of pure anti-matter...

    (Insert crowd yelling 'Then it's not a laser!')

  12. Umm, what? on PPC Linux vs. Mac OS X Server: Linux Edges Out · · Score: 2, Insightful

    From the /. article...
    Mac OS X Server 10.1.5 wasn't as far behind the curve as you might think. Performance might've been better if Moshe had Mac OS X Server 10.2, with its faster GUI...

    From the article itself..
    The included AGP 4X card with 64 MB of dedicated graphics RAM is a screamer...

    Ok, my question is this: It's a server-to-server comparison. What relevance does the speed of the GUI, and the performance of the graphics card, have? IMHO, the GUI should be shut down if at all possible for any server application.

  13. Re:Is GPL better? on Microsoft: You Need Permission to Sell Our Software · · Score: 1

    Interesting question.. It would probably boil down to if the sale of the company could be considered as 'distributing' the software. I don't think it would, as long as the mods were kept as internal-use-only by the new owners.

    However, you'd almost certainly have to give the modified code to the new owners, although you could probably keep a copy for yourself. If you give the source along with the sale of the company, your question is basically moot, the 'distribution' is done and the source went with it.. It's now up to the new owners to either distribute that code or keep it internal-only..

  14. Re:EULA's? on Microsoft: You Need Permission to Sell Our Software · · Score: 1

    It may not be an actual EULA, though, it may be a site license, or some non-standard license that was negotiated between MS and bluelight directly.

  15. Re:So what about company sales. on Microsoft: You Need Permission to Sell Our Software · · Score: 1

    Microsoft would love it if this were true. It would protect their revenue stream, in that companies that went bankrupt could not sell their licenses off.

    For example, in the last year or so, one of the problems companies like Cisco and Sun were having is that their hardware revenue dropped because fairly new equipment was available at auctions, from companies that had gone bankrupt and were selling all their network infrastructure and servers. Why buy from Cisco direct when you can get the same like-new switch for a lot cheaper?

    I think this applies to MS as well... They don't want licenses being sold off in a bankruptcy, even if it's with the hardware the licensed software is currently running on.. Microsoft would end up making bank either way, they'd love it.

    Now, I honestly don't know if a non-transferable clause in a licensing agreement is legal, or if this is the reason that Microsoft is objecting.. the article doesn't say, it just says that Kmart hadn't listed -which- licenses it was going to transfer.

  16. Hmmm.... on Video Games Found To Decrease Brain Activity · · Score: 1

    At the start of the article...
    Prolonged time playing video games could cause people to lose concentration, get angry easily and have trouble associating with others, a Japanese professor's research has suggested.

    and a little further down.. Many of the people in this group told researchers that they got angry easily, couldn't concentrate, and had trouble associating with friends

    Interestingly, the article doesn't say that the study itself concludes ".. that playing video games could cause people to lose concentration, get angry easily and have trouble associating with others.. ", it just says that the research 'suggests' it -- suggests to who? - looks to me a little bit like the lose concentration/anger easy/trouble associating bit was something the people writing the article threw in. (i.e., it doesn't say 'the study found that' but 'Many people in this group told researchers', which to me is -a lot- different - 'many people say xxx' doesn't prove xxx )

    The whole article ends with "During childhood, playing outside with friends, not videogames, is the best option.". well, duh. ;)

  17. Re:explanation? Impossible !!! on Draw! · · Score: 1

    If you brought a bed in to play chess on at a tournament, and jumped on it, the judges would probably either kick you out or make you walk up to the scoreboard and mark yourself a loss ;)

    Thanks for the laugh, I enjoyed it. :)

  18. Re:explanation? Impossible !!! on Draw! · · Score: 1

    True enough, and then Godel's theorem would apply, to the axiomatic system that you just defined. However, that system is -not- the game of chess, you grok? It would be an axiomatizable theory based on the rules of chess, but any true but unprovable statement in your axiomatic theory would -not be a legal position- in chess. All legal positions in chess are reachable via the rules, since the rules are what defines a legal position. Therefore, no positions _impossible_ to calculate (however, there is the practicality issue)

    I wasn't taking a vehemently personal stance, I was vehemently disagreeing - the 'you're smoking rock' bit wasn't intended as a personal attack but as an emphasis of my position, I apologize if it was taken in another manner.

  19. Re:explanation? Impossible !!! on Draw! · · Score: 1

    You're smoking rock.

    Godel's First Incompleteness Theorem: Any adequate axiomatizable theory is incomplete. In particular the sentence "This sentence is not provable" is true but not provable in the theory.
    Godel's Second Incompleteness Theorem: In any consistent axiomatizable theory (axiomatizable means the axioms can be computably generated) which can encode sequences of numbers (and thus the syntactic notions of "formula", "sentence", "proof") the consistency of the system is not provable in the system

    The reason you're smoking rock: Chess is a finite state machine, not an axiomatizable theory.
    Chess is not an axiomatic system that is used to prove or disprove statements (an 'axiomatizable theory'). The rules of chess are not an axiomatic system that make statements about number theory or anything else, they are merely rules that can be applied to get from one board position to another. In other words, chess is a finite state machine, with the players deciding what move to make (when it's their turn) to get to the next state. There are, admittedly, a huge number of states, but to apply Godel's theorem you'd have to be able to truthfully say something like 'There is a position in chess which is a legal position, but is not reachable by starting with the initial board position and applying moves'. You cannot make this statement truthfully, since if it were unreachable in this fashion, the conceived-of position is not legal.

  20. Re:Sound like a martial arts movie plot on Too Many Patents as Bad as Too Few · · Score: 1

    There's no way that Sun-IBM anecdote was accurate. No company just rolls over for that much money when they can win for less in court.

    If it's not accurate, I'd expect to see a libel lawsuit from IBM against Forbes.com.

  21. Re:Go XM Radio. I like mine. CDs are stale. on Satellite Radio - XM vs. Sirius? · · Score: 1

    Ethel rocks

    The name 'Ethel' turned me off, so I didn't listen to that channel for about 3 months after I got XM - but now that I've listened to it, I'd have to agree - Ethel Rocks.

  22. Re:I own an XM Radio on Satellite Radio - XM vs. Sirius? · · Score: 1

    There's two comedy channels on XM, one is clean (Laugh USA or something like that) the other (XM Comedy) is uncensored.

  23. Bill Hicks once said on Echelon Architect Interviewed · · Score: 1

    something like (paraphrasing) "I'll explain to you american politics... 'The puppet on the right is closer to my beliefs' ... 'No, the puppet on the left is closer to my beliefs' ... 'Hey, wait a minute, the puppets are on the hands of the same guy' ... 'Shhhhh!'"

  24. Is this even legal? on "Industry Standard" Paycuts in IT? · · Score: 1

    What's the legal basis for a cut 50% of gross for two periods for a 3.85% pay reduction?

    It looks like they're grabbing half of two paychecks to pay off the salary reduction for the whole year - including the months up to now (I did the math quickly, and 3.85% of my annual salary comes out to approx half of my monthly salary)

    However, if it's 50% pay cut to pay a 3.85% cut on the entire annual salary, it looks to me like they're applying the cut to the salary they've currently paid up till now. Aren't retroactive pay cuts illegal? (note that I'm assuming it's illegal because it makes sense to me that it ought to be illegal, not that I know of any particular law that makes it illegal)

    Is the 'In the event you do not wish to accept the reduction, you must advise the Human Resources Department immediately' a CYA line that lets them do a retroactive cut?

    (Pls note that I'm not too savvy in this area, I'm asking because it doesn't make sense to me that they'd be able to do that - maybe I'm reading it wrong)

  25. Re:A few thoughts. on Teaching Linux/Unix Basics to Microsoft Junkies? · · Score: 1

    If you set up a vpn, you're usually going host->firewall, and the traffic is unencrypted on the back side of the firewall. ssh is -always- host to host.