Slashdot Mirror


User: Midnight_Falcon

Midnight_Falcon's activity in the archive.

Stories
0
Comments
301

Comments · 301

  1. Re:Anyone ever read the constitution? on EU Citizens Warned Not To Use US Cloud Services Over Spying Fears · · Score: 1

    It was a bit rhetorical, but thank you for your reply :) What you point out is very much the "Ideals versus Institutions" gap pointed out by Samuel Huntington.

    To add a little more rhetoric, let's italicize the oath of office in the US:

    I do solemnly swear that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose of evasion; and that I will well and faithfully discharge the duties of the office on which I am about to enter: So help me God.

    Oh the times, Oh the Morals.... --Cicero

  2. Anyone ever read the constitution? on EU Citizens Warned Not To Use US Cloud Services Over Spying Fears · · Score: 5, Insightful

    The Bill of Rights is peculiar in that it does not say "no citizen", but it says "no person."

    Can someone explain how nearly 250 years of common law has managed to change the definition of a "person" to include US companies, but not foreign citizens utilizing services within the US?

  3. Re:Great NYT Article! on Chinese Hack New York Times · · Score: 1
    Sorry, but your post is nonsensical, and I'm not sure if you read the article in its entirety.

    As someone who is very critical of the media and sides with Noam Chomsky's critiques of American media, The NYT is the least "propaganda-y" publication available in America.

    If you would like to prove your point about NYT editors being explicitly propagandists and implicitly liars who have something to hide, please answer me this question: What is wrong with the Sulzberger family?

  4. Great NYT Article! on Chinese Hack New York Times · · Score: 4, Informative
    Amidst all the discussion of the paywall and how long it took slashdot to post this, I think the real point here has been missed:
    The New York Times wrote a GREAT article disclosing in full, with technical detail, how they were compromised.

    Kudos to them for this in-depth transparency.

    The article described in detail how targeted malware attacks were brought against NYT employees. Those were launched from compromised university computers within the US. From there, the custom malware allowed them to hack a Windows AD Domain Controller, and obtain the NTLM hashes. They ran the NTLM hashes against a rainbow table and got 56 user passwords that they used for VPN access.

    From there, they were tracked by a security consulting company using an intrusion detection system. They employed a great strategy of not knee-jerk kicking the hackers out, but of watching their moves and determining the scope of compromise. They used forensic hard drive analysis to recover logs and figure out exactly what data was being accessed.

    Sounds like what I would do if I was called in for incident response. Except, NONE of my clients would ever allow a story of this detail to be published!!!

    Hats off to the NYT for this level of transparency.

  5. They still have the rights... on Instagram: We Won't Sell Your Photos · · Score: 5, Insightful
    While they may not intend to exercise their rights, they still HAVE the rights to be able to use any Instagram photos in ads, and use that for commercial purposes, etc.

    So this is a great example of doublespeak/equivocation -- our contract lets us do what we want, but we promise not to use what it allows us to right now to avoid a PR frankenstorm.

    I don't see how the case is closed after this...it isn't so much a case of we let lawyers write a document, as, we're just making sure we're "protected" to keep our "options" open in the future when we might "want" to exercise our rights to "your" photos...

    Given Facebook's history on privacy policy shenanigans, I think any reasonably prudent person would not trust Instagram's assertions..

  6. Re:Stay in the IT Discipline....go DevOps on Ask Slashdot: How Does an IT Generalist Get Back Into Programming? · · Score: 2
    Become an IT consultant. You can get jobs at IT consulting companies at a junior to mid level, because that's how they make money -- paying junior guys little and then billing out at $125-$200 hour for them.
    Then, you will learn to get your skill level and job title up to that of "Systems Engineer", and then maybe "Senior Systems Engineer." During this time, you'll learn a lot more about tech, get out of just hardware/application support, and get exposed to lots of projects.

    You will be sent work that is way above your head and have to figure it out, and in the process maybe even learn some PowerShell, etc. Then in your free time you can further develop those skills.

    The caveat is that IT consulting work is often difficult, with numerous simultaneous demands from lots of clients.

    It requires good communication and strong interpersonal skills, it's very much about relationships and "soft" skills rather than specific tech skills.

    But it's also like training that you get paid for, but only for really smart/diligent people (it's the real world, B+ is not good enough, projects have to all get an A).

    Just apply to IT consulting shops every time you see a job opening. Even send in resumes if they aren't looking for people -- consulting shops are ALWAYS looking for people and if you send your resume to the right person, you might get hired real fast.

    For some background, I've been an IT consultant for 7 years, worked in-house at a company for 2, and still do consulting on the side. My job title is "Systems Architect" or "Chief Engineer".

  7. Stay in the IT Discipline....go DevOps on Ask Slashdot: How Does an IT Generalist Get Back Into Programming? · · Score: 5, Interesting
    My opinion here is you've developed skills in IT, but now you're looking to do a bit of a "paradigm shift" and go into Development. However, there's big money these days for Sysadmins who can code well, e.g. python, powershell, ruby, and use it in some type of framework like Puppet or CFEngine etc.

    You can become a rockstar DevOps Sysadmin if you get this down.

    I'd suggest Ruby first, then Python...but of course, you'll want to make sure your Linux/unix sysadmin knowledge is top notch too. I'm self taught so I'm not very good at telling people how to learn it besides "eh figure it out", but I'm sure you are industrious enough :)

    In conclusion: Stick with IT. Also add Programming. Collect $$ for being a DevOps specialist.

  8. Re:Dead giveaway on Cisco VP To Memo Leaker: Finding You Now 'My Hobby' · · Score: 5, Insightful
    The AC is right..he sent out this e-mail, and now is waiting for the potentially paranoid person to start making mistakes, acting nervous, or otherwise creating suspicion on themselves by trying to move suspicion away from themselves.

    He also sent out the email to discourage any other Cisco employees from potentially engaging in leaking as well. Or, to stop the current leaker from leaking by injecting paranoia.
    Had they any leads or information, this step would not have been necessary. The other employees would have been discouraged from leaking by the fact the leaker was busted, exposed, and their career ruined.

  9. Re:Marijuana/Drug Laws on Want a Security Pro? Get Politically Incorrect and Learn Geek Culture · · Score: 1

    If you met me at work, you'd probably say I am definitely not a stoner or a drug user. I don't smell like weed, and look very professional, articulate coherently, etc.

    No 'three letter agency' currently drug tests. It's really not that huge a deal as long as you are not a habitual drug user, someone who could readily be blackmailed or engaged in something extremely illegal (at which point you're invalid for a clearance, anyway).

    This is the typical drug culture though: I engage in this lifestyle and thus everyone else does and we are being persecuted.

    Not true. All 'three letter agencies' currently drug test. This is mandated by law in the United States, actually.

  10. Re:Marijuana/Drug Laws on Want a Security Pro? Get Politically Incorrect and Learn Geek Culture · · Score: 1

    oh yeah, and I should definitely add that when I started hacking/etc, I wasn't yet a pot smoker. That came years later. But my hacker mentor, someone I knew only on IRC, was a major pothead, and I was very against it at first. Later experiences changed my mind on its harmfulness.

  11. Re:Marijuana/Drug Laws on Want a Security Pro? Get Politically Incorrect and Learn Geek Culture · · Score: 1

    yeah, and some of us slashdotters go to things like burning man, and are considered "cool" in some type of subculture.. :)

  12. Re:Marijuana/Drug Laws on Want a Security Pro? Get Politically Incorrect and Learn Geek Culture · · Score: 2
    I'm a pot smoker but not a hardcore drug user.

    That said, I've spent a lot of time on IRC (this was my hacker training 1996-2002), etc and found there is a significant overlap between 'hacker' and 'stoner' circles, and later on, between 'hackers' and people into psychedelic music or rave scenes..hell, there's a whole genre of the rave scene called "cyber."

    of course there's some selection bias because I'm a stoner, but I find the overlap to be too significant to explain away by that fact alone. What's your take on this?

  13. Marijuana/Drug Laws on Want a Security Pro? Get Politically Incorrect and Learn Geek Culture · · Score: 5, Informative

    I haven't met too many good hackers who haven't, at least at one time, engaged in some drug use -- whether it be smoking weed (usually), tripping on mushrooms/acid, or cocaine etc..it seems to permeate the culture quite a bit.

    A couple three-letter agencies once tried to recruit me, but I didn't want to stop going to festivals/parties, smoking pot, etc. It felt like I would have to become a square and this job would be my life, and I'd have to disown much of the culture I was associated with previously. Plus, I thought if I went forward, I'd never get past the polygraph where they ask you tons of questions about drug use, and it would just be a waste of time.

    For context, I am an IT professional with a specialization in security and about 20-40% of my workload is security related.

    Maybe if drug testing wasn't required, these agencies would get more applicants. But no one wants to piss in a cup on a monthly basis to work at a rate of pay less than they could get at companies that don't drug test.

  14. Re:This is great news! on BitCoin Gets a Futures Market · · Score: 1
    CLEAR BIAS: "liberal government's plans"

    Sounds like something Ann Coulter would say in reference to the media, but hardly objective, and quite telling about your commentary.

    FYI -- the government of the United States is centrist with a skew toward the conservative side. It is not a "liberal government", nor is it progressive.

    When you take a look at party cleavages in the US (the demographics that the political parties have as their voter base), you'll see the Republicans at around 4.4, and the Democrats at about 5.2, on a scale of 1-10, with 1 being most conservative (fascist state) and 10 being most liberal (full-on communist).

    Forcing government to make bad investments to make homes more affordable was a bipartisan, pork-barrel spending effort. It was very popular for the voting demographics on both sides. Everyone loves government subsidies when THEY are the ones getting the subsidy -- they only start to dislike it when they perceive others are getting more.

    And the real helper here were the hedge funds that jumped on this bandwagon and sold/bought up all the toxic Credit Default Swaps, Collateralized Debt Obligations (CDS/CDOs), etc, that really drove the market into the ground.

    Maybe it's the hedge funds you should be calling "liberal" in such a condescending fashion.

  15. Re:Slackware on floppies on Ask Slashdot: What Distros Have You Used, In What Order? · · Score: 1
    I must confess that I also ordered the CDs -- I believe it was from linuxiso and waited a few days -- but that was faster than downloading it which was uber-unreliable on dialup and would have required a solid connection for a week.

    I also must've wiped the hard drive at least a few times and lost a bunch of data learning how to partition manually via fdisk etc to be able to install it.

    I must also confess that I was 11 years old at the time, and my parents didn't allow me to keep the computer on overnight..how embarrassing but true...

    I think it was running on a 486DX as well. Nice, you had the DX too -- with the floating point co processor!

    These days I'm a systems architect (read: glorified sysadmin), and I prefer Mac OS X as a desktop environment in all honesty to Ubuntu, Fedora etc because it runs everything I need it to, and allows me native UNIX tools and command line shell for me to do real work in.

    For my servers, I largely use CentOS. Main reason being because it is well documented, supported and packages maintained to be extremely stable. I am definitely a fan of yum package management -- but for a beginner, knowing the structure of a Makefile, what gcc is, what compiling is, how it works, how libraries are referenced, yadda yadda, really adds to your total understanding of the platform and allows you to troubleshoot things better rather than relying on google (or being able to add/modify what you read on google to suit your needs).

  16. Re:Slackware on floppies on Ask Slashdot: What Distros Have You Used, In What Order? · · Score: 2

    +1 on this. I installed Slackware '96 back when the penguin was a platypus. Learning how to compile stuff from source is much better for a beginner (albeit more difficult) than learning to use a package management system like yum or dpkg.

  17. Re:As soon as you have anything to take on Ask Slashdot: When Is It a Good Idea To Incorporate? · · Score: 1
    The 14th amendment doesn't grant "Human rights" to "property" ...nor are human rights mentioned in the text, and property is mentioned in another context.

    Corporate personhood is a judicial interpretation of the 14th amendment, which applied the equal protection clause to corporations. Nowhere in the text of the 14th amendment is this stated, and corporate personhood as a doctrine of law only came about 50+ years later.

    Please read the Constitution before making rash claims as to what the Amendments say. The 14th amendment is one of the most important aspects of the Constitution and is what ended slavery in concert with the 13th amendment.

  18. Re:Not like most linux users! on Ask Slashdot: Where To Report Script Kiddies and Other System Attacks? · · Score: 4, Informative
    fail2ban + SSH-key only access FTW

    Why?

    Fail2ban will block these bots (usually, ssh bruteforce attacks are the result of worms rather than actual script kiddies manually running them) from sshing into your system after a few failed attempts.
    SSH-key only access will increase security by an order of magnitude. A bruteforce against a public-key only SSH server is untenable. Their script likely doesn't even support ssh keys and will just get kicked out with a protocol mismatch error. These attempts are meant to get in via password authentication, default credentials or weak passwords.

    If you have SSH on any port exposed to the internet w/o fail2ban and/or ssh-key only access, you're asking for trouble. I've seen it happen on a number of boxes with strong passwords for users -- eventually, they get in...
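As an added illustration of the two halves of this comment (example code, not the commenter's own): a fail2ban-style counter run over constructed sshd log lines, and an audit of an sshd_config for the settings that make a server key-only. The log lines, the two configs and the sample IPs are constructed for the example; the defaults assumed for absent directives follow the sshd_config man page, and Match blocks are not modelled.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (syslog format, year omitted); IPs are from
# documentation ranges and none of this comes from a real host.
SAMPLE_AUTH_LOG = """\
Jan 14 03:12:01 host sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Jan 14 03:12:03 host sshd[2213]: Failed password for root from 203.0.113.5 port 4250 ssh2
Jan 14 03:12:06 host sshd[2215]: Failed password for invalid user oracle from 203.0.113.5 port 4261 ssh2
Jan 14 03:12:09 host sshd[2217]: Failed password for invalid user test from 203.0.113.5 port 4270 ssh2
Jan 14 03:12:11 host sshd[2219]: Failed password for root from 203.0.113.5 port 4288 ssh2
Jan 14 03:20:44 host sshd[2301]: Failed password for alice from 198.51.100.7 port 50122 ssh2
Jan 14 03:21:02 host sshd[2303]: Accepted publickey for alice from 198.51.100.7 port 50130 ssh2
Jan 14 09:40:15 host sshd[2890]: Failed password for root from 203.0.113.9 port 3100 ssh2
Jan 14 09:40:16 host sshd[2892]: Failed password for root from 203.0.113.9 port 3101 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$")

def ban_candidates(log_text, maxretry=5, findtime=timedelta(minutes=10), year=2013):
    """fail2ban-style rule: ban an IP once it has maxretry failed password
    logins within findtime. Returns {ip: time of the failure that tripped it}."""
    failures, banned = defaultdict(list), {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m or m["ip"] in banned:
            continue
        t = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # keep only this IP's failures inside the sliding window ending at t
        recent = [x for x in failures[m["ip"]] if t - x <= findtime] + [t]
        failures[m["ip"]] = recent
        if len(recent) >= maxretry:
            banned[m["ip"]] = t
    return banned

# Values that make sshd key-only: (accepted values, assumed default if absent).
# OpenSSH uses the FIRST occurrence of a directive, so a hardening line
# appended below a weaker one does nothing.
HARDENING = {
    "passwordauthentication": ({"no"}, "yes"),
    "challengeresponseauthentication": ({"no"}, "yes"),
    "pubkeyauthentication": ({"yes"}, "yes"),
    "permitrootlogin": ({"no", "prohibit-password", "without-password"}, "unset"),
}

def audit_sshd_config(text):
    """Return {directive: effective value} for each directive not at a key-only value."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().replace("=", " ").split(None, 1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())  # first wins
    return {k: seen.get(k, default) for k, (ok, default) in HARDENING.items()
            if seen.get(k, default) not in ok}

# Constructed configs: the password-exposed case the comment warns about, and
# the key-only version.
WEAK_SSHD_CONFIG = """
PermitRootLogin yes
#PasswordAuthentication no   <- commented out, so the default (yes) applies
PubkeyAuthentication yes
"""
HARDENED_SSHD_CONFIG = """
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""
```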

  19. Re:Fuck you on Managing Servers In the Frigid Cold · · Score: 1
    I think these people are considered bisexual or otherwise queer. You're not homosexual until you lose interest in the opposite sex for sexual reasons entirely.

    Homo = one

  20. Re:Synology or QNAP... I've done this Server - NAS on Ask Slashdot: Stepping Down From an Office Server To NAS-Only? · · Score: 1
    While you may not really be using ADS for Group Policy or anything else, your machines are domain members -- so the user profiles are stored in a username.DOMAIN format in C:\Users or (XP) C:\Documents and Settings\. For users to not have to set up a whole new profile, you'll have to make sure to migrate this accordingly -- that means rename the folder, modify permissions, and maybe even hack the registry a bit.

    The Synology and QNAP (or any FreeNAS-based appliance) can be a domain member, meaning it can authenticate users to the domain. So, if someone is logged into a workstation as DOMAIN\john.doe, and john.doe has permission on the file share, they can access it without having to enter (or save via Start>Run>control keymgr.dll) a username/password -- since it's assumed.
    It also supports local authentication, so you can setup your 10 users in it as local users, and then save those credentials on individual workstations -- this is what you'd do in the absence of a domain controller.

    However, as a Linux/samba/winbind based system of accessing ADS, it cannot be an Active Directory domain controller. So, if your existing 2K3 server were to fail, your users wouldn't be able to login to the NAS. And then their computers after whatever the group policy setting for password caching (typically 72 hours) expires.

    This is why I would recommend -- as the most painless upgrade -- going with an actual, slim Windows 2K8 R2 server. Get a tower system that goes in a closet for 2-4k with basic RAID. Host file shares on that. Use Group policy to push printer/file share settings to all the workstations -- which will be simple because they're already on the domain.
    Then don't forget to demote your old domain controller (the 2K3) gracefully and then raise ADS services to 2K8 R2 level.

    While a nice, business grade QNAP might be $500 ..disks making it maybe $750..the amount of time you'd spend migrating individual workstations off the domain would outweigh the benefit -- how much do you bill an hour as a lawyer? How many hours you willing to spend on this?

    A properly configured 2K8 server with drive maps group policy, etc, could make the process of migration a breeze. So that might be the way to go despite the sexier, slimmer approach of the NAS appliance.

    This is a rare instance I recommend using MS server if you're wondering if I'm an MS fanboy..I'm actually mostly a *nix admin...but it just makes sense in this case.

  21. Re:Synology or QNAP... I've done this Server - NAS on Ask Slashdot: Stepping Down From an Office Server To NAS-Only? · · Score: 1

    The NAS comes with its own local authentication that you can set in the absence of a domain, so a random user wouldn't have credentials, and thus wouldn't be able to access shares -- unless you explicitly set them public/open to everyone.
    The permissions on a Synology or QNAP are very clear and it's hard to do this by mistake.

  22. Synology or QNAP... I've done this Server - NAS on Ask Slashdot: Stepping Down From an Office Server To NAS-Only? · · Score: 2

    Question to OP: Are your workstations joined to the domain and using the 2K3 server as a login server? Are login scripts, group policy etc used on the ten computers? Or are they all standalone?
    If they are standalone, replacing the 2K3 with a NAS I'd say is a very good option.

    On a consulting basis I've converted a couple Windows SBS environments over to using a NAS. Users have been very happy with the change and these devices have performed well and been able to take over the function of the SBS provided they weren't using Sharepoint/Exchange.

    I have to say, the QNAP and Synology are very effective, and easy to setup appliances. A typical slightly tech-savvy person could set this up without a problem -- it's little more difficult than a home router. The interface is very intuitive.
    I've found the QNAP is a bit more robust in its feature set, and if you go with the Pro+ models (starting at like $400-$500 w/o disks) based on the intel Atom processor. This is like getting a linux box with an x86_64 architecture. The thing can run a mySQL server/webserver etc.

    After the initial setup, the NAS appliances need little/no maintenance. It can handle its own backup, or you can plug in an external disk and copy the array to it, and it can alert you via e-mail if there's a drive/SMART issue.

    Now, if you do already have a domain/ADS environment, you'll have to bring in some slim little machine to replace the 2K3 server as a Domain Controller. Both QNAP and Synology can join a domain and use AD logins and groups as credentials, making login seamless if the computers are domain members (no prompt for login/password etc).
    Otherwise, you'd have to unjoin all the computers from the domain and make them standalone, and then migrate profiles back to local etc -- quite an IT expedition.
    If this is your situation, I'd recommend going ahead and upgrading to a 2K8 R2 server on a slim machine, and perhaps just using that rather than a separate NAS appliance.

  23. What about the Activists? on EFF: Americans May Not Know It, But Many Are In a Face Recognition Database Now · · Score: 4, Interesting

    Of course, it's concerning that facebook profiles, pictures of you going through customs or from a driver's license etc, are now beginning to be tapped into by the government and private sector alike.
    In this case, while I think it's a cause for concern for almost every facebook user, the folks I have the most concern about are activists of various sorts.

    Facebook, while famed for its use in the Arab Spring for facilitating communication between activists, hardly seems like a bastion of privacy for US citizens. The Arab spring was a bit different than the activism the US or other Western governments would like to target though -- in fact, they encouraged the uprisings. What about forms of dissent that the US or Western governments don't like?
    The most prominent recent example is Occupy Wall Street, and regardless what you think about their message, it's easy to see how some subpoenas to facebook could be used to completely subvert an opposition organization. They would be able to find who these activists are without even arresting them -- they'd be able to use facial recognition software, get information on all their friends and relationships on facebook, and then track them between rallies and protests etc. with more facial recognition.

    Imagine if the FBI had this ability in the 1960s to crack down on the civil rights movement?

    Maybe a decentralized, p2p form of social networking will make facial recognition and tracking etc more difficult for governments and private companies in the future? Or is it already too late for most since the information is all on Facebook to stay?

  24. In Soviet Russia... on Even Silicon Valley's Prison Inmates Have Their Own Startup Incubator · · Score: 2, Funny

    Startup incubates you!

  25. In Soviet Russia... on Facebook API Bug Deletes Contact Info On Phones · · Score: 1

    Email deletes you!