There are flaws to both sides of your analysis because you left out a couple of "players" which are obviously and currently present in both meatspace and cyberspace: terrorists and rogue states.
Terrorists typically have no specific nationality, do NOT wear uniforms, and are not necessarily readily identifiable as such, or as to their origin or objective.
Rogue States simply by definition do not follow the rules, and believe it or not, in conventional warfare, there are internationally recognized laws of war, Geneva conventions, etc. Not only do these guys not play by the rules, they have also been known to sponsor terrorists, and hackers.
The proposal might help if signatory nation states ever openly "went at it". It won't help in the case of covert attacks because of the problem you and others point out of attribution, and won't help at all with the players I describe above.
First, if it's not already explicitly in scope for your existing contract, negotiate a "train my replacement" clause or task, at a premium over what you're already billing. Be frank with your customer that you both need to realize that they are asking you to train your replacement. You might be surprised to hear them say "no, we just want additional staff". If that's the case, negotiate for a long term contract of your own as a condition of training.
Then, mentor the young pup. Treat him like your son or daughter. Teach him everything. You can't teach experience though, so you're ahead no matter what. During this time, evaluate the person's capabilities, including the capability to listen and learn. Think of this as having an intern on somebody else's dollar.
If it all goes south and you lose your customer, you might be able to pull him with you (assuming he's worthy).
I'm guessing you've tried the cheapass foam plugs....
First (cheapest) option is to look for triple-flange earplugs. Look at a sporting goods store in the firearms department.
If that doesn't work for you, look into getting custom molded plugs made. I have a set from my time as a competitive shooter, and when they are in, and correctly seated, I cannot hear ANYTHING, even though I can feel the noise in many cases. For voices and random dorm noise, that should be sufficient.
Another option is a set of noise canceling headphones. Just don't feed them any input and they will still reduce ambient noise. I would recommend you borrow a set from a friend before investing, as the best are "over the ear" types, and they tend to create a sensation of pressure in your ears. Some folks find that uncomfortable.
Get the store a dawg. It needs to be a medium to large but friendly breed with a loud bark.
The key is, the store is his home. His people (the owners) come to visit him and spend time with him there every day. He gets lots of visitors who he can greet (customers).
End of the business day, his people leave him a small amount of food, plenty of fresh water, and a nice place to sleep, as well as run of the store.
Post signs. Dawgs protect their territory, which is why it needs to be HIS store (his home), not a bring to work dawg.
Caveat Emptor: check with the liability insurance carrier up front.
It's part of the standard, and I know, cause I helped write it.
Set the SSID the same for each AP. Set them on different channels so that the APs don't "step on" each other's bandwidth. Roaming is a station-side (client in common usage) decision, so your PCs will automatically pick the AP with the best signal strength.
As far as authentication goes, this all depends on the AP. All should support PSK (preshared secret keys, aka passwords) and in that scenario, set them all to the same value on each AP. The PSK should be at least 24 characters long, and the SSID for the net unique to keep the security at acceptable levels and reduce the possibility of offline dictionary attacks against the PSK.
Assuming the APs support it, Enterprise grade authentication with individual per-user passwords is within reach at little to no cost. You can tie into Active Directory or set up a free AS (Authentication Server) using FreeRadius on a Linux box. The definitive reference for doing this with an MS server is a book titled "Deploying Secure 802.11 Wireless Networks with Microsoft Windows". Make sure you check for updates to the book online, and there is an appendix which details how to set it all up in a lab environment, which will let you prove principle without screwing with the production network.
Google around and you will find loads of information on how to do this with Open Source, the key articles being some from Linux Journal from about 6-8 years ago.
I am a former Verizon employee, have worked in the call center serving small business accounts within the last 12 months, and have attended to these requests from customers.
It's a 5 minute edit in a legacy mainframe system.
Once.
A monthly charge is absurd, and I would advise bitching to a manager, and threatening to speak to the public utility commission and/or the FCC. You would be amazed how quickly that gets folks motivated.
IF you have a plan for this, and it sounds like you should, execute it. Manage by exception.
If Not. Any former active duty military on staff? Ask them to help orchestrate.
People first!
ORDERLY shutdown everything, then physically disco the UPSs. If staff is still on site and bugging out in their own vehicles, consider having them evac their own workstations. Your shit is already in the wind, this might save _some_ things you might otherwise miss.
The C-level officers and their secretaries' PCs are important. They are not the same priority as joe shitbag in marketing. Prioritize. Printers, monitors, etc do NOT matter.
If you have one of those fancy document center (printer scanner fax wtf-ever) gizzies, and YOU HAVE TIME, rape the HD out of it. It has more juicy data than you would believe....
Servers. If you can grab em all, do so. Label EVERYTHING.
If not, grab the drives, as others have advised, and LABEL EVERYTHING. Package as well as you can. Ziplocking each drive is not a bad idea, and gives you the op to label the bag. Raid your shipping department for packing material, and when you run out, rape the padding in the office furniture.
Remember, people first!
Network infrastructure is less important than your corp data. All that being said, if you have time, now is a good time to dump the configs on the routers, firewalls, etc. to HARDCOPY to take with.
Same applies to the PBX.
Have fun....... and quit reading /. when you need to be saving your bacon!
I have a BS in Math from a southern liberal arts college that's going on 30 years old, and it has served me well.
I spent my first ~10 years as an active duty US Army Artillery officer, and my math background helped me not only to get job done, but to understand WHY things worked, and more importantly, why they might NOT be working.
I later transitioned to a Unix sysadmin gig, and then to information security, where I've been happily making a living for ~20 years.
The math helps. Lets you go toe-to-toe with the crypto geeks if nothing else. A BS degree carries a whole different type of cred than a BA as well. The social skills from the service help in understanding the hax0r mentality, and I'm pretty confident your wife's ed background and masters level degree would help in that area as well.
With the education and experience you describe your wife as having, she will not have any trouble stepping outside of the box, the first step is the hardest one. Get the resume in order, and start sending applications out.
First, I'm from the US (lived in Germany for a few years and speak Deutsch), so I'm acutely aware of the different business cultures.
My assumption is that the degree is not so much to teach you something, as to "check a box" and get you through the glass ceiling....
That being said, I would go for the Business Informatics track rather than pure CS. You are more likely to learn new things which are useful in the future career you describe there.
All you have to do to earn cred with the t-shirt crowd is to format your CV in TeX, show up with a Linux laptop for your interview, and build a RepRap.
What he said, MH is the tool for this task. I have mail going back to early 90s, each message in a separate text file, sorted into directories by year. Once you're archiving in this format, you can then index the files for more rapid searches, or, if you're old school, just grep around when you're looking for something.
Best thing is, once you have them organized this way, you're done, and can burn backups of the archive (by year) directories to CD or other long term storage, and not have to worry about losing anything.
One warning: beware filesystem limitations on number of files in a directory. If you convert a HUGE amount of mail at one time and dump it into one dir, you may end up with a problem, so RTFM (read the friendly man pages) and plan ahead accordingly. You may need for example to split a year into quarters if that year's mail exceeds a limit (not that I've run into that problem....)
BTW, the O'Reilly book is a must. Grab the pdf, but get a paper copy if you can as it's quite hefty.
Hope this helps.....
Red
Terrorists typically have no specific nationality, do NOT wear uniforms, and are not necessarily readily identifiable as such, or as to their origin or objective.
Rogue States simply by definition do not follow the rules, and believe it or not, in conventional warfare, there are internationally recognized laws of war, Geneva conventions, etc. Not only do these guys not play by the rules, they have also been known to sponsor terrorists, and hackers.
The proposal might help if signatory nation states ever openly "went at it". It won't help in the case of covert attacks because of the problem you and others point out of attribution, and won't help at all with the players I describe above.
They'll simply ignore it.
Red
Then, mentor the young pup. Treat him like your son or daughter. Teach him everything. You can't teach experience though, so you're ahead no matter what. During this time, evaluate the person's capabilities, including the capability to listen and learn. Think of this as having an intern on somebody else's dollar.
If it all goes south and you lose your customer, you might be able to pull him with you (assuming he's worthy).
THEN you're in a nice bargaining position.
Red
There is inherent danger in taking on a criminal element, cyber or otherwise, either as a reporter or a member of the law enforcement community. They are criminals, and do not adhere to the norms (laws and ethics) of society. Brian has chosen his path of reporting on and exposing these miscreants in a public forum, and to not hide his identity, knowing full well the risks of repercussions. He was so aware of the specific threat of being SWATted that he approached his local Law Enforcement authorities in advance of this attack to educate them and alert them to the possibility that he might be targeted. No, he didn't "deserve" what happened, and I would never imply that he did.
There is some safety in publicity; obviously, in this case, it was insufficient. DDOSing your web site in retaliation is one thing. THIS attack crossed the line. THAT's what "poking the wrong bear" means.
Red
First (cheapest) option is to look for triple-flange earplugs. Look at a sporting goods store in the firearms department.
If that doesn't work for you, look into getting custom molded plugs made. I have a set from my time as a competitive shooter, and when they are in, and correctly seated, I cannot hear ANYTHING, even though I can feel the noise in many cases. For voices and random dorm noise, that should be sufficient.
Another option is a set of noise canceling headphones. Just don't feed them any input and they will still reduce ambient noise. I would recommend you borrow a set from a friend before investing, as the best are "over the ear" types, and they tend to create a sensation of pressure in your ears. Some folks find that uncomfortable.
Hope this helps......
Red (retired Field Artillery Officer)
The key is, the store is his home. His people (the owners) come to visit him and spend time with him there every day. He gets lots of visitors who he can greet (customers).
End of the business day, his people leave him a small amount of food, plenty of fresh water, and a nice place to sleep, as well as run of the store.
Post signs. Dawgs protect their territory, which is why it needs to be HIS store (his home), not a bring to work dawg.
Caveat Emptor: check with the liability insurance carrier up front.
Red
If you're operating on a more basic level, clone the crufty code, put the cruft in comments explaining CLEARLY why you cut it out.
When you fix or replace what you cloned, comment there as to exactly what you think was wrong or broken, and how you fixed it.
One thing that is certain, with production code, you will NOT be the last person to work on it. Pay it forward with good practice.
Red
Set the SSID the same for each AP. Set them on different channels so that the APs don't "step on" each other's bandwidth. Roaming is a station-side (client in common usage) decision, so your PCs will automatically pick the AP with the best signal strength.
As far as authentication goes, this all depends on the AP. All should support PSK (preshared secret keys, aka passwords) and in that scenario, set them all to the same value on each AP. The PSK should be at least 24 characters long, and the SSID for the net unique to keep the security at acceptable levels and reduce the possibility of offline dictionary attacks against the PSK.
Assuming the APs support it, Enterprise grade authentication with individual per-user passwords is within reach at little to no cost. You can tie into Active Directory or set up a free AS (Authentication Server) using FreeRadius on a Linux box. The definitive reference for doing this with an MS server is a book titled "Deploying Secure 802.11 Wireless Networks with Microsoft Windows". Make sure you check for updates to the book online, and there is an appendix which details how to set it all up in a lab environment, which will let you prove principle without screwing with the production network.
Google around and you will find loads of information on how to do this with Open Source, the key articles being some from Linux Journal from about 6-8 years ago.
Hope this Helps......
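Added example, not part of the comment above: a sketch of why the SSID and PSK length advice holds for WPA/WPA2-Personal, where the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt. The function names, the 62-character alphabet and the sample SSIDs are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# Alphabet used for generated passphrases (an assumption of this example;
# WPA2 passphrases may use any printable ASCII character).
ALPHABET = string.ascii_letters + string.digits
MIN_PSK_LEN = 24  # minimum length recommended in the comment above


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal pairwise master key.

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    Because the SSID is the salt, the same passphrase yields a different key
    on every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)


def generate_psk(length: int = MIN_PSK_LEN) -> str:
    """Generate a random passphrase from a CSPRNG, to be set on every AP."""
    if not MIN_PSK_LEN <= length <= 63:
        raise ValueError("length must be between 24 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random passphrase of the given length."""
    return length * math.log2(alphabet_size)


def same_key_on_both(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True if a key computed for ssid_a would also be valid for ssid_b."""
    return wpa2_pmk(passphrase, ssid_a) == wpa2_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    psk = generate_psk()
    print("generated PSK:", psk)
    print("entropy: %.1f bits" % entropy_bits(len(psk)))
    # Constructed SSIDs: one vendor-default style name, one site-specific name.
    for ssid in ("default", "acme-warehouse-7f3"):
        print(ssid, wpa2_pmk(psk, ssid).hex())
    print("key reusable across SSIDs:",
          same_key_on_both(psk, "default", "acme-warehouse-7f3"))
```

A key table computed in advance for a common SSID is useless against a uniquely named network, and a random 24-character passphrase leaves no dictionary to run against the salted hash.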
I think you're not a very well trained sysadmin.
There is no reason to not have various parts of the filesystem mounted from different disks or partitions on the same disk. If you do this, you can run part of the system on one filesystem, other parts on others as appropriate for their intended usage. This is commonly done on large servers for performance reasons, quite like the one you are asking about. It's also why SCSI ruled in the server world for so long since it made it easy to have multiple discs in a system.
So run most of your system on something stable, reliable and with good read performance, and the portions that are going to take a read/write beating on a separate partition/disc with the filesystem which has better read or write, whichever is needed, performance. If you segregate your filesystem like this correctly, an added benefit is that you can mount security critical portions of the filesystem read-only, making it more difficult for an attacker.
Red
Interesting position the government is taking.....
I wonder if it applies to the government's data (actually, it's OUR data when you think about it) which they are busily migrating wholesale to the cloud?
Red
Red
It's a 5 minute edit in a legacy mainframe system.
A monthly charge is absurd, and I would advise bitching to a manager, and threatening to speak to the public utility commission and/or the FCC. You would be amazed how quickly that gets folks motivated.
Red
If Not. Any former active duty military on staff? Ask them to help orchestrate.
People first!
ORDERLY shutdown everything, then physically disco the UPSs. If staff is still on site and bugging out in their own vehicles, consider having them evac their own workstations. Your shit is already in the wind, this might save _some_ things you might otherwise miss.
The C-level officers and their secretaries' PCs are important. They are not the same priority as joe shitbag in marketing. Prioritize. Printers, monitors, etc do NOT matter.
If you have one of those fancy document center (printer scanner fax wtf-ever) gizzies, and YOU HAVE TIME, rape the HD out of it. It has more juicy data than you would believe....
Servers. If you can grab em all, do so. Label EVERYTHING.
If not, grab the drives, as others have advised, and LABEL EVERYTHING. Package as well as you can. Ziplocking each drive is not a bad idea, and gives you the op to label the bag. Raid your shipping department for packing material, and when you run out, rape the padding in the office furniture.
Remember, people first!
Network infrastructure is less important than your corp data. All that being said, if you have time, now is a good time to dump the configs on the routers, firewalls, etc. to HARDCOPY to take with.
Same applies to the PBX.
Have fun....... and quit reading /. when you need to be saving your bacon!
Plan ahead next time, OK?
Red
I spent my first ~10 years as an active duty US Army Artillery officer, and my math background helped me not only to get job done, but to understand WHY things worked, and more importantly, why they might NOT be working.
I later transitioned to a Unix sysadmin gig, and then to information security, where I've been happily making a living for ~20 years.
The math helps. Lets you go toe-to-toe with the crypto geeks if nothing else. A BS degree carries a whole different type of cred than a BA as well. The social skills from the service help in understanding the hax0r mentality, and I'm pretty confident your wife's ed background and masters level degree would help in that area as well.
With the education and experience you describe your wife as having, she will not have any trouble stepping outside of the box, the first step is the hardest one. Get the resume in order, and start sending applications out.
Red
My assumption is that the degree is not so much to teach you something, as to "check a box" and get you through the glass ceiling....
That being said, I would go for the Business Informatics track rather than pure CS. You are more likely to learn new things which are useful in the future career you describe there.
All you have to do to earn cred with the t-shirt crowd is to format your CV in TeX, show up with a Linux laptop for your interview, and build a RepRap.
Red
Remove the HDs
Boot from a CD (live CD distro), allow user-owned USB drives for persistent storage.
Optionally, customize the live CD to your needs, installing and removing packages to suit the task.
Red
Given the yeast they evolved, "Saccharomyces cerevisiae", does this mean we get better, or more intelligent beer?
Red
Actually, it was not.
It's a modified version of a time honored traditional technique I learned while serving in the US Army.
If an instructor caught you nodding off in a class, he would wake you up, put a tear gas grenade in your hand and pull the pin. Your primary mission at that point became catching another troop going to sleep so you could pass the grenade.
Amazing what a live grenade in your hand will do to keep you alert and focused......
Red
No Technology required:
1. Announce anyone caught cheating WILL fail the course.
2. Post exactly ONE proctor at the rear of the room. His job is to catch the FIRST cheat.
3. The first cheat should be escorted from the room, and given the following choice: become the proctor and catch another cheat, or fail. If you catch a cheat, you may retake the test and the cheat becomes the proctor with the same choice.
Lather, Rinse, Repeat.
I recommend you film for future entertainment value.
Red
RIM solved this problem. If you don't want your data on somebody else's server, set up your own BES (Blackberry Enterprise Server) with YOUR security policies.
Taint cheap, but you gets what you pays for.......
The consumer blackberries connect to BESs operated by the carriers. My corporate owned one connects to OURS, and the company has all kinds of flexibility to impose policy, remote wipe, etc.
Red
Griffin Powermate. Been around a while, affordable.
http://store.griffintechnology.com/powermate-1
Let the net do your shopping to save $bucks.
Lots more out there, this has easy interface via USB.
Red
For non-American consumers of the English language, the subject line means: "Damn right, about time!"
Hopefully the sanity will spread in a viral sense internationally, as in to the US and other patent-tarded(tm) countries.
Red
Old but authoritative. Start here
http://www.amazon.com/Macintosh-Human-Interface-Guidelines-Computer/dp/0201622165
Warning: --Flammable Objects ahead!--
You're polishing your thesis, the crown jewel of a Masters of Science degree, and you can't figure this one out on your own?
Worse, you ask HERE!?!
Hint: Perhaps you should harness some of the experience in researching that you've piled into the past 5-7 years of academia, along with INSIDER ACCESS to academia to get an answer and recommendation worthy of consideration. Does your university have a law school? Go find a member of the legal faculty with some modern clue in the field of intellectual property.
On the other hand, you could rely on the 2^n monkeys on the Internet banging random crapola into keyboards to eventually come up with the "right answer".
Oh, wait......
( Sheesh.... )
Red
Call a meeting of the competitors' engineers. It's important you get them all in the room at one time with not too much advance warning of the topic.
Tell them what you think you want. Ask them as a group what you're missing. Then make them as a group come up with an eval plan and cook 'em off according to the plan they come up with.
If you need an independent judge, go to one of the labs that does independent third-party assurance and contract them to provide oversight.
Disclaimer: I've worked for one of those labs for the past 15 years.
Stand back and watch the fun......
Red