I agree that I fail to see any pressing need for crackberries. While at work in front of my main computer, however, my teammates and I run an IRC server for ourselves. Rather than be interrupted by phone calls, emails, and meetings, we are able to be in constant communication and it enhances our work rather than distract from it. Add to this a wiki for publishing documentation on what we are working on, and our own group is pretty efficient. Now the company as a whole, however, that's a different story.
Re:Sudo is a tool not the entire solution, on Sudo vs. Root · Score: 1
Or even real human ones. I do this so that my NOC can troubleshoot and admin remote firewalls:
Cmnd_Alias FREESWAN=/usr/local/sbin/ipsec,/sbin/service,/sbin/shutdown,/usr/sbin/mtr,/sbin/mii-tool,/bin/rpm
admin ALL = NOPASSWD: FREESWAN
I use sudo on the branch office Linux-based firewalls I deploy for use with an 'admin' account. That account is the one my NOC can log into, via keyed ssh (each user's keys are added to the admin account's authorized_keys file). Sudo is configured to only allow specific commands, and to require no password. So I get strong authentication, and a NOC that can troubleshoot things without having to escalate to me and waste my time for what 99.999% of the time is an ISP connection issue.
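An added example, not part of the original comment: in sudoers, a command listed without an argument list may be run with any arguments, while `""` permits none. The sketch below parses the rule quoted above (path typo fixed) and reports which NOPASSWD commands accept arbitrary arguments; the `TIGHTENED` variant and all function names are constructed for illustration.

```python
import re

# The comment's rule, and a constructed variant with arguments pinned.
ORIGINAL = (
    'Cmnd_Alias FREESWAN=/usr/local/sbin/ipsec,/sbin/service,/sbin/shutdown,'
    '/usr/sbin/mtr,/sbin/mii-tool,/bin/rpm\n'
    'admin ALL = NOPASSWD: FREESWAN\n'
)
TIGHTENED = (
    'Cmnd_Alias FREESWAN=/usr/local/sbin/ipsec auto --status,'
    '/sbin/service ipsec restart,/sbin/shutdown -r now,'
    '/usr/sbin/mtr,/sbin/mii-tool "",/bin/rpm -qa\n'
    'admin ALL = NOPASSWD: FREESWAN\n'
)

def split_commands(spec):
    """Split a sudoers command list on unescaped commas into (path, args)."""
    out = []
    for item in re.split(r"(?<!\\),", spec):
        path, _, args = item.strip().partition(" ")
        # No argument list: sudo accepts any arguments. '""' means none.
        out.append((path, args.strip() or None))
    return out

def nopasswd_grants(text):
    """Return (user, path, args) for each NOPASSWD command, aliases expanded."""
    aliases, grants = {}, []
    for line in text.splitlines():
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = split_commands(m.group(2))
            continue
        m = re.match(r"(\S+)\s+\S+\s*=\s*NOPASSWD:\s*(.+)", line)
        if m:
            for path, args in split_commands(m.group(2)):
                for p, a in aliases.get(path, [(path, args)]):
                    grants.append((m.group(1), p, a))
    return grants

def any_argument_commands(text):
    """Paths a user may run as root, without a password, with any arguments."""
    return [p for _, p, a in nopasswd_grants(text) if a is None]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("tightened", TIGHTENED)):
        print(name, "accepts any arguments for:", any_argument_commands(rules))
```

Every entry in the original alias is open-ended, including the package manager and service control; pinning arguments keeps the NOC's troubleshooting commands while narrowing what the shared account can do.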
Microsoft would not be where it is today if people hadn't 'stolen' their software. They LOVE that they are now so prolific, in no small part due to piracy for use in the home. This is especially true of Microsoft Office products.
And also 3des, which we require for managing our Nokias.
Gives me a good excuse to run Firefox at work, when the director asks why I can't use our standard browser:)
Yup. And I notice that those theatres that have digital are also the ones that show television ads on the big screen. I paid for the movie, why do you think I want to see that crap? no thanks.
Just because they have to support companies with messed-up infrastructure does not mean that they have to mess their own up as well. Why does a salesperson, or an executive secretary need to run any M$ stuff vs. IBM's workspace? Why would IBM want to run M$ DNS/DHCP/IIS/ISA for their infrastructure when they have superior products of their own?
It's a great example of a total lack of properly implemented project management. And unfortunately, it's exactly the type of crap I see at my own job every day:(. Here they want to buy software to fix process problems. They don't understand that you have to have a well defined process, and then you can try to make that process better (if possible) with software. The really irritating thing is that we have some very skilled people here who know the 'big picture' of how to use IT to improve processes, but management constantly just throws canned software at things hoping to make it better.
Too bad CEOs don't pay attention to that, and only look at what an outsourcing company claims it can save them while hitting current SLAs. I'm tasked with moving a lot of my duties to India this year. Resources not as adept as those already employed aside, the project is being rushed (they expect this to all be complete in only 6 months. We're talking lan/wan infrastructure, firewalls, application support, help desk, EVERYTHING). It's doomed to failure. During the initial decision to do this, management decided they knew how to design the networks between us and the outsourcing company, rather than trust their employees (ie, me and the guy who is stuck managing the CF that is this project). Again...it doesn't take a genius to see where this is heading.
Because some of us run legitimate lists with several AOL members on, and AOL *already* makes things miserable for us. This makes it worse to the point where I may have to tell my AOL users that I cannot support them. Considering the president of the club I do this for is an AOL user, it likely means I won't be the one providing the service any longer. And I refuse to sign up on any Yahoo! groups, so I'll end up being the one excluded.
'We believe more choices, and more alternatives, for safety and e-mail authentication is a good thing for the Internet, not bad,' said an AOL spokesman. 'Everything that AOL has in place today free for e-mail senders remains -- and will only improve.'
Uh huh. How about you fix this crap then, AOL? (TOS warning for a legitimate user of a legitimate list...notice how AOL forges the #!$@# To: line, and likely breaks some RFCs (I don't feel like checking).) And where does AOL get off thinking they can call this TOS? I'm not the one on your network that you are screwing.
Return-Path: <scomp@aol.net>
Received: from omr-m14.mx.aol.com (omr-m14.mx.aol.com [64.12.136.12]) by XXXXXXXXXXXXXX (8.13.1/8.13.1) with ESMTP id k21FeQv1007779 for <XXXXXXXXXXXX>; Wed, 1 Mar 2006 10:40:28 -0500
Received: from scmp-r10.mail.aol.com (scmp-r10.mail.aol.com [172.17.2.105]) by omr-m14.mx.aol.com (v107.10) with ESMTP id RELAYIN1-24405bf2e3c3; Wed, 01 Mar 2006 10:35:10 -0500
Received: from imo-m23.mail.aol.com (imo-m23.mail.aol.com [172.20.107.69]) by scmp-r10.mail.aol.com (8.13.5/8.12.11) with ESMTP id k21FZ1u2010038 for <scomp@aol.net>; Wed, 1 Mar 2006 10:35:01 -0500
Received: from undisclosed@undisclosed.com by imo-m23.mx.aol.com (mail_out_v38_r7.3.) id g.26f.690fe2e (7372) for <scomp@aol.net>; Wed, 1 Mar 2006 10:34:51 -0500 (EST)
From: <scomp@aol.net>
Message-ID: <26f.690fe2e.3137191a@aol.com>
Date: Wed, 1 Mar 2006 10:34:50 EST
Subject: Client TOS Notification
To: tosspam@aol.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="part1_26f.690fe2e.3137191a_boundary"
X-Mailer: OSM Client
X-Spam-Flag: NO
X-Loop: scomp
X-AOL-IP: 172.17.2.105
X-NotSpam-Score: 1.572/3, (#) AWL,BAYES_00,DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST, FORGED_MSGID_AOL,NO_REAL_NAME,SPF_PASS
X-Scanned-By: MIMEDefang 2.52 on 192.168.1.5
X-Greylist: Delayed for 00:05:09 by milter-greylist-2.0.2 (XXXXXXXXXXXXXXXXXXX [192.168.1.5]); Wed, 01 Mar 2006 10:40:29 -0500 (EST)
Not only that, but it will make providing legitimate mailing lists that happen to have a lot of AOL users on them impossible. I have enough problems with AOL's braindead mail server configurations as it is. Now they want me to also pay them for the privilege to deal with their incompetence??? (I run a small ~250 user mail list *FREE OF CHARGE* for my cycling team, many of whom are AOL users).
...it is with 'joe average' using only the tool he knows. For example, companies that use spreadsheets where they should be using databases. Heck, using spreadsheets with macros for 'code' even. You want joe average involved? Make him work with a DBA for the storage, but let him work on the 'interface' to that data using whatever tools he is comfortable with. That would be great because mr. average is definitely the expert in making an interface that makes his own job more efficient, but having the right back end ensures that all groups can effectively share their information (or not share as security dictates).
Yet more tools that allow little groups of idiots and PHB's to think they are programmers and DBAs. It's bad enough where I work they are implementing sharepoint with no direction (they are basically using it as a big, inefficient drive share with no organization whatsoever...luckily for my own team, we continue to use mediawiki).
This type of thing ultimately just leads to chaos and inefficiency. Thanks, Microsoft.
If the only thing they know is the application, then who cares about the OS? Just make that app the only thing they point and click on their desktop, or better yet, make it their 'shell'. Heck, you could run X with a simple little perl text menu:
Press 1 to launch this app
Press 2 to run that one
etc
At least where I work. The systems put in place get in the way more than help. The culture around here is that software will define our process. That's a very wrong way to think. You should define process, and get software that helps make that process more efficient.
Why not make it easy for mail users to create aliases in the system? For example, if they receive something to their normal account from their bank, they KNOW this is a phishing attack, because the bank would not have the normal address on record.
Before greylisting things, I used to have some phishing attacks slip through my spam filters. 'Ebay' would send to my gspath account. Too bad that is not who I am on Ebay.
There is a hell of a lot more to security than patching. How about not running services you don't need in the first place? How about configuring those that are needed conservatively? How about segregating your networks with firewalls?
Screw 'em both. Symbian on Nokia seems impressive to me.
Unix: Everything is a file. Microsoft: All kinds of different metaphors, none the same version to version.
I was looking forward to the crackberry addicts at my company to actually begin paying attention in meetings and such again.
Funny? No. Mod +5 horrifying.
Somewhat similar to my idea:
Make it easy for normal users to use mail aliases. Offer it as a service that will automatically reject anything to any address not the proper alias for that particular company.
For example, if I am larry@foo.net, and I sign up for online banking using larry.bank@foo.net, then if something from 'bank.com' is addressed to larry@foo.net, I *KNOW* this is a phishing attempt and I reject it.
Maybe I should apply for a patent.
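An added example, not part of the original comment, of the per-company alias check described above. The registry contents, the `ebay.com` entry and the function names are constructed; flagging an alias that is reached by a sender it was never given to goes one step beyond the comment.

```python
from email.utils import parseaddr

# Constructed registry: sender domain -> the only alias given to that company.
ALIASES = {
    "bank.com": "larry.bank@foo.net",
    "ebay.com": "larry.ebay@foo.net",
}

def registered_domain(sender):
    """Return the registry key matching the sender's domain or a parent of it."""
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    labels = domain.split(".")
    # Try mail.bank.com, then bank.com; never a bare top-level label.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in ALIASES:
            return candidate
    return None

def verdict(sender, recipient):
    """Decide what to do with a message from `sender` addressed to `recipient`."""
    rcpt = parseaddr(recipient)[1].lower()
    company = registered_domain(sender)
    if company is not None:
        # The company only ever learned one address; anything else is not them.
        return "accept" if rcpt == ALIASES[company] else "reject"
    if rcpt in ALIASES.values():
        # The alias is being used by someone it was never handed to.
        return "flag"
    return "accept"

if __name__ == "__main__":
    samples = [  # constructed messages: (claimed sender, recipient)
        ("Bank <alerts@bank.com>", "larry@foo.net"),
        ("alerts@mail.bank.com", "larry.bank@foo.net"),
        ("someone@unrelated.example", "larry.bank@foo.net"),
        ("friend@example.org", "larry@foo.net"),
    ]
    for sender, rcpt in samples:
        print(f"{sender!r} -> {rcpt!r}: {verdict(sender, rcpt)}")
```

The check keys on the sender domain the message claims, so it catches mail that impersonates a registered company at the wrong address; it says nothing about mail claiming an unregistered look-alike domain.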
Are you sure phishing is so easy to recognize?
http://isc.sans.org/diary.php?date=2006-02-13
That's because MDI is a horrible UI. Tabs are ok, though. Don't get me started on the way M$ implemented MDI with recent versions of excel.