I dunno, my i730 is pretty nice. Also we moved away from pagers, since where I live the pager coverage was really starting to suck. I only got about 25% of my pages @ my house, while with the Nextel I get all of them. So YMMV. Plus a standard text pager will only try the message X whereas the Nextel keeps it for up to a week, so if I leave coverage, I get all my alerts the minute I come back into it.
We never trust Nagios messages to e-mail. Heck, what if we lost our connection to the net? We use Nextels and use SNPP to send text messages. This way it is out of band. Dead simple to set up, just modified qpage to send to npa-nxx-NOTE, where npa-nxx are the area code and exchange of your Nextel number.
Re:Point of Sale -- that's all (on SCOoby Snacks) · Score: 2, Funny
It is just me, or does it seem like most of their case studies are POS systems of the earlier 90s?
Where POS == Piece of $h*t. Sorry, couldn't resist :)
Glad I could help. My own problem is the nearest one to me is like 2.5 hours south of me, and for what it is worth, your nick is awesome, and I do think it is time for a Guinness.
They already have some Lego stores in the mall, I don't think it would be too hard to add a bulk section.
The LEGO store I last went into, you could fill up 2 different size containers, with any of the basic blocks, pretty much mix and match. Next time I go down I was thinking about buying a bunch of Yellow and Black pieces for my Mindstorms kits..
But my mom told me never to take operating system advice from strange tattooed people... :) Probably good advice...
On a more serious note, what about all the GNU utilities (such as make) - does FreeBSD have its own alternatives, or do they get bundled into the distribution, or do you perhaps have to go download them yourself (surely not?)?
BSD comes with a full development environment, so most of the utilities you need are there, and if you need the GNU versions (some software requires GnuMake/AutoConf/etc. as opposed to the BSD versions), they are a port build away. If you install from ports, and a piece of software requires the GNU utils, it will install them as a dependency.
How exactly is it licensed?
It is licensed under a BSD license.
Should I consider Running it? Short answer: Yes (but I am biased)
Long Answer: It depends on your applications. FreeBSD is a rock solid Operating System, also it is distributed as an entire operating system, as opposed to GNU/Linux where you have the Linux Kernel and then whatever utils/programs $VENDOR has built around it. We run it on 20+ servers here and have been really happy with it. I run it on multiple boxes at home also. Then again the 2 of us here are kinda FreeBSD bigots. Here is my leg to prove it, so my opinion might be biased.
Depending on your application, you really should run the best Operating System for the job. I haven't found the one perfect OS yet. For instance if you are running Java app servers you might want to look at Linux for that, as its Java implementation seems to be better (but FreeBSD's is getting there quickly). The nice part is it is free and you can just grab the ISOs and try it out on a spare machine.
Though I've never played with them because I'm a grown up now
So you don't play with Lego anymore now that you are "grown up"? How sad :) Even though I would consider myself all growned up now (27), I still love Mindstorms. Then again, having replaced the firmware on my RCX with Lejos and building my own sensors for it, I enjoy it much more than the programming kit that came with it.
I think a lot of this falls back to a much simpler question: Why do we have DHCP addresses on the internet anyways? They do not change. I think mine is about 9 months old. Others tell of greater than a year with the same IP address. I think it would actually help security if people were given static IP addresses. Then they would have to take care of it to ensure they don't act stupid.
The simple answer here is this: Limited amount of resources. The reason we use dynamic addresses is the same reason why we don't run modems in a 1:1 ratio. It is simply impossible to give everyone a static address, not to mention a waste of resources since not every single person will be online at any given time. I have 10,000K customers at the ISP I run. Do I have 10K IP addresses for them? No. If I went to my RIR (ARIN in this case), and my justification for asking for another /19 was so each one of my customers could have a static IP (although they may not all be online @ the same time), they would simply laugh at me.
The next reason is a configuration issue. It is much easier to use dynamically assigned IPs so that when the time comes to change (say you are renumbering; have you ever had to renumber 5K customers? I have and it isn't fun), you can make the change on the servers and propagate it out. Also your comment about DHCP addresses not changing is wrong. Your address probably hasn't changed in 9 months as you probably haven't turned your computer/server off in that time frame. My firewall (which is up 24x7) still has the same IP assigned by my ISP (I don't live in an area served by my company), while if I plug one of my laptops directly into the cable modem and then use it like your average customer (you know, turn it off every once in a while..) the address does change. In your case you just keep renewing the lease.
This is one reason why I keep track of the BW that I use on my cable connection @ home, in case they start to come after me. Then again I use very little (unless a new version of FreeBSD/OpenBSD comes out). That and the fact that I have a 60+mb/s connection here at the office :). I am keeping track both of data I requested and the crap they decided to let come to me (virus/port scans/etc.). My reasoning behind this is that I am curious: if they ever send me a letter, I want to see how close our data is.
As for work, we use BW caps to basically go after abusers. It is the same as the "unlimited dial-up account". IE if you camp on the line 24x7 we are going to charge you more. The price you are paying is based on the assumption of an oversubscribed network. If the network wasn't oversubscribed, no one would want to pay what it really costs to provide a guaranteed 3mb/s to everybody. I know I will probably get flamed, but I am sick and tired of people wanting something for nothing. IE well, we replaced a ptp T1 (for $1500US/mnth -- in the sticks :) ) with a 512k/256K DSL circuit ($34.99), and they complain that it is too slow, and they think it should be upped to 1.5mb down/768k up as this is a nominal amount of bandwidth, and they don't think it should cost them any more. That is what the hold button is for, to laugh at them, and then come back and say it can't be done.
For our DSL accounts that are BW capped, we provide a tool in our usertools that allows users to see how much they are using, so if they wind up over, they aren't surprised at the end of the month.
The big problem is that those browsers don't come with the OS, and your avg user probably isn't going to know about it. The biggest threat to this comes from the people clicking links in an HTML e-mail. My mail client doesn't render HTML mail unless I specifically say "show me the HTML". Also if mail comes through as an HTML only mail, no plain text part, then it is marked as spam. I see very few reasons why I need to see 10 different emoticons blinking, with flowery stationery around the outside edge of it, when someone says hello, but then again I am an old stick in the mud curmudgeon (sp?). But then again not being a Windows user, and preferring to live most of my life in a CLI, I rarely run into these problems. To see how much of a dork I really am check out my webpage and look at the photos section under tattoos.
Like the avg user that falls for the PayPal scam knows what a DNS server is. Most people believe/trust everything they read in e-mail as long as the "from" address looks right or it looks official. This one might be rough since it might catch the "smarter" users that at least look at the address bar. Hopefully they will realize that it isn't under SSL, and there is no cert, so that they shouldn't do anything, but I am not holding my breath.
Of course it's the software! Blaming the user is lame.
How do you figure? This could easily have been done against *nix, MacOS, etc.. Once you get the user to run a program, all bets are off. Heck, I could write a shell script that would send itself to everybody. All the tools you would need pretty much get installed with your default Linux install. find and mail come to mind. While I would love to blame $VENDOR we hate today, this is a user issue.
I'd hate to be resolved by your company.
We provide 3rd level tech support, so if it comes to us, and there is nothing wrong with our equipment/network/software, and it is 'cause the user did something apparently suicidal (read format c: on Win32, rm -rf / on *nix, etc...), what can I/us do about it? Short Answer: nothing. The reason for the problem was not us, it was user related.
Of course a big admin like you would never have to wipe and reload a machine, now would you?
Have I? Yes. Do I have to anymore? No. There is a reason I am, as you said, "Big Admin".
Ha, blame the user for having abused the poor little box. Give me a break. Clicking widgets on the world wide web should not be able to destroy a user's machine.
I agree 100% with you, and specifically didn't want to get in an argument about software/Operating Systems, I was just saying that this specific exploit/virus/malware required human interaction. It didn't exploit any specific vulnerabilities in Outlook/Windows. If someone would write a shell script to do this, and get the user to run it, the same thing could happen on *nix. I am only blaming the user for not knowing enough about what they are doing.
As others have pointed out, this attack vector isn't per se the software that user is running. The attack vector is the user, the old PEBKAC (Problem Exists Between Keyboard and Chair), which has been showing up as the resolution to many tickets in our trouble ticket system.
The problem is no matter what we do, we can't prevent our users from shooting themselves in the foot. We rename attachments (.exe becomes _exe). We deny .com, .pif, .bat, tell them to keep their anti-virus software up to date, don't run strange attachments, and still we get this. At least we have started running all our outbound mail through AV scanning, and that cuts down on a bunch of the crap, but we still can't keep them from going "ooh shiny...." Click!. Until our users figure out that the computer is a little more difficult to use than their VCR (I don't want to get started on ease of use/convenience vs security etc.. but when was the last time you played a movie, and you DDOS'd M$), and they actually need to be mindful of what they use/do on it, "bad people" will always be able to do bad things.
Then again these users are the same people that would call up the phone company complaining of $600+ phone bills to the Caribbean, etc... When you ask them if they have downloaded any programs that offer free "porn" they get all defensive, etc... A quick look at their computer shows tons of those dialer type apps that are making the equiv of 900 (in the US) type calls overseas, and they don't realize it.
For the record, my users would be the users of the ISP that I admin for...
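The attachment handling described in the comment above (rename .exe to _exe, deny .com, .pif and .bat), sketched as an added example that is not the poster's or any ISP's actual filter. The function names and the sample messages are constructed for illustration; only the extension lists come from the comment. It checks names only and leaves content inspection to the AV scanning the comment mentions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

DENY_EXT = {".com", ".pif", ".bat"}   # denied outright, per the comment
RENAME_EXT = {".exe": "_exe"}          # ".exe becomes _exe", per the comment


def split_ext(filename):
    """Return (stem, ext) using the extension the recipient's OS would act on."""
    # Windows ignores trailing dots and spaces, so "a.pif." still opens as .pif.
    clean = filename.strip().rstrip(". ")
    dot = clean.rfind(".")
    if dot == -1:
        return clean, ""
    # Only the last extension counts: "photo.jpg.exe" is an .exe.
    return clean[:dot], clean[dot:].lower()


def filter_message(raw):
    """Apply the policy to one raw message.

    Returns (verdict, message_bytes, notes) where verdict is
    "reject", "modified" or "pass". A denied type anywhere in the
    message wins over any rename.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    denied, renamed = [], []
    for part in msg.walk():
        filename = part.get_filename()  # RFC 2231-encoded names are decoded here
        if not filename:
            continue
        stem, ext = split_ext(filename)
        if ext in DENY_EXT:
            denied.append(filename)
        elif ext in RENAME_EXT:
            new_name = stem + RENAME_EXT[ext]
            # The name can live in either header; rewrite both if present.
            if part.get_param("filename", header="content-disposition") is not None:
                part.set_param("filename", new_name,
                               header="Content-Disposition", replace=True)
            if part.get_param("name") is not None:
                part.set_param("name", new_name, replace=True)
            renamed.append((filename, new_name))
    if denied:
        return "reject", raw, [f"denied: {name}" for name in denied]
    if renamed:
        return "modified", msg.as_bytes(), [f"renamed: {a} -> {b}" for a, b in renamed]
    return "pass", raw, []


def build_sample(filenames):
    """Constructed sample: a text body plus one dummy attachment per name."""
    msg = EmailMessage()
    msg["From"] = "user@example.net"
    msg["To"] = "friend@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in filenames:
        msg.add_attachment(b"dummy bytes, not a real program",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


def attachment_names(raw):
    """List the attachment file names found in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]
```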
The install scripts are probably the roughest part of my experience. One really _must_ read a thorough guide before attempting it.
Next time you want to try an OS, try OpenBSD. There are some rough install scripts :) Although after some reading, you can get through them pretty easy. The same with the FreeBSD install. I don't think it is wrong for an Operating System to assume the user has some clue about what is in the computer, in order to install/use it.
As for the complaints about people telling him to read the manual, etc... It is solid advice. While I don't mind helping people, it gets kinda annoying when you are trying to help someone who doesn't want to help themselves, so sometimes people become jaded. If all you do is blindly do what people tell you without thinking or learning about it, are you really better off?
I guess I am just weird, I love to learn about different things, and don't mind reading tons of stuff before I install something. I guess I have given up on the "it just works" attitude, although it is nice when it happens. I love to play around with different Operating Systems, I have machines @ home that run FreeBSD (4.8, 5.0, 5.1), RH Linux, BeOS5, Solaris 9, OpenBSD, Irix, NetBSD, Windows (XP, 2k3), and MacOS X. Some were harder to install than others (OpenBSD and NetBSD on my Dreamcast), some were dead simple (MacOS X), but each one presented its own challenge and its own learning curve.
Actually the more I read this, the more I realize I should probably get away from the computers and get rid of the JD on the rocks that is helping wash away the week from hell.
Yeah 5.0, the base install is a little rough. 5.1 is a much better install. A newcomer coming to FreeBSD installing 5.0 is asinine. I mean, the website clearly states Advanced Technology Release. 4.8 would have been a much easier starting block. I still have a 5.0 and patches laptop that runs great. Although I am not a newbie to FreeBSD by any stretch. See here for proof :). I also have a 5.1 server @ home now, and I must say it is a much cleaner release; install, setup and make world/buildkernel went well, and it is sitting nicely in the corner, just quietly chuggin away.
Well, example.com wouldn't work as it's registered to IANA, but yes, in hindsight now (and what I will do if Verisign turns the blasted thing back on), I could just look up *.tld, and get the magic address and store it. The problem was, right when this was going on we were in the process of taking over another ISP, so trying to figure out which of their domains was still valid, on the hosts in question, got a lot harder...
why don't they try submitting it as a standard for the internet and get it peer-reviewed instead?
Simple, they knew the stink it would cause. It is the same tactic I have used with my wife when wanting a new toy -- It is better to ask for forgiveness than permission.
Or even better, some of us don't like to have to rewrite tons of scripts that use the DNS system for something besides the web. I mean there is more to the internet than just the World Wide Waste :). When Verisign decided it would do this, I noticed all my domain checking scripts stopped returning NXDOMAINs, and had to be hacked real quick to look for the magic Site Finder IP, and then before that wonderful BIND patch, had to worry that they would change the magic IP thus breaking my scripts again.
Then to add salt to my wounds, they send me an e-mail saying that my domain name is expired and I should call a friendly Verisign scumbag^H^H^H^H^H^Halesperson to help get my domain back. This was the last domain I had registered on them, and it was moved to OpenSRS 5 months ago. I don't see how someone this incompetent and this greedy should be put in charge of something this important.
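The workaround described in the comments above (look up a name that cannot exist under the TLD, remember the "magic" address, and treat answers that match it as NXDOMAIN), sketched as an added example that is not the poster's script. Probing on every run instead of hard-coding the address covers the worry about the magic IP changing. All function names, the fake resolver and the sample zone data are constructed for illustration, and the addresses are documentation-range placeholders.

```python
import secrets
import socket


class NXDomain(Exception):
    """Raised by a resolver callable when the name does not exist."""


def system_resolve(name):
    """Resolver backed by the host's stub resolver (IPv4 only)."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET,
                                   type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Some platforms report "no address record" with this code too.
        if exc.errno == socket.EAI_NONAME:
            raise NXDomain(name) from exc
        raise
    return sorted({info[4][0] for info in infos})


def wildcard_addresses(tld, resolve, probes=3):
    """Return the addresses a TLD synthesizes for names that cannot exist.

    An empty set means the TLD answers honestly with NXDOMAIN.
    Several probes are used so a rotating set of addresses is collected.
    """
    seen = set()
    for _ in range(probes):
        label = "nx-" + secrets.token_hex(12)  # random, so effectively unregistered
        try:
            seen |= set(resolve(f"{label}.{tld}"))
        except NXDomain:
            return set()
    return seen


def domain_exists(name, resolve, wildcard_cache):
    """True if the name resolves to something other than the TLD's wildcard."""
    tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
    if tld not in wildcard_cache:
        wildcard_cache[tld] = wildcard_addresses(tld, resolve)
    try:
        addrs = set(resolve(name))
    except NXDomain:
        return False
    # Every address being a wildcard address means the answer was synthesized.
    return not (addrs and addrs <= wildcard_cache[tld])


def make_fake_resolver(zone, wildcards):
    """Offline stand-in for DNS: real names from `zone`, wildcard per TLD."""
    def resolve(name):
        name = name.rstrip(".").lower()
        if name in zone:
            return zone[name]
        tld = name.rsplit(".", 1)[-1]
        if tld in wildcards:
            return [wildcards[tld]]
        raise NXDomain(name)
    return resolve


# Constructed sample data: .com has a registry wildcard, .org does not.
SAMPLE_ZONE = {"customer-one.com": ["192.0.2.10"],
               "customer-two.org": ["192.0.2.20"]}
SAMPLE_WILDCARDS = {"com": "198.51.100.7"}


def check_sample():
    resolve = make_fake_resolver(SAMPLE_ZONE, SAMPLE_WILDCARDS)
    cache = {}
    names = ["customer-one.com", "lapsed-customer.com",
             "customer-two.org", "lapsed-customer.org"]
    return {n: domain_exists(n, resolve, cache) for n in names}
```

Pass `system_resolve` instead of the fake resolver to run the same check against live DNS.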
Yep. Fat Fingers Strike again. In my defense, damn pager kept going off last night. To quote my wife "Hon, you really need a job that doesn't wake you @ 4am". :)
I use Kopete all the time, albeit on FreeBSD, but Kopete none the less. Works fine for both AIM and MSN (the only 2 IM accounts I actually use).
Hope that helps,
-Patrick
Probably going to regret this... but I'll bite
One of my boxes
3ffe:bc0:431:1:2b0:d0ff:fe7b:df99
There's not a single feature of Windows that MS is responsible for inventing or even that they were first to market with.
Not even the BSOD?
Sorry couldn't resist...
- TinyDNS
- Power DNS
- NSD

Really depends on if you need a Recursive Caching server or just an Authoritative Server.
http://www.isc.org/products/BIND/delegation-onl