The deployment of services sounds interesting, but I have some questions.
Do you have a common system/platform guide that includes hardening etc. for all possible dev OS choices? Do you have to have documentation for each type of possible dev teams preferred OS or is that all standardized on the dev side? Does devops/IT apply what they want to the OS before deploying? What if it breaks?
Sorry I could be showing my age- most of my experience comes from the silo dev model (MGMT/DEV/QA/SEC). Everyone had tunnel vision and only cared that their part was minimally satisfied.
You may have guessed where I sat in my silo by myself as a team with a "say" in that process (I am no longer part of that process thankfully).
I totally agree with this- I have been through hurricanes in FL, blizzards and ice storms in NH, even a tornado in CT- and the copper phone line always worked despite having no power or Internet for several days (well beyond UPS and the built in battery backups of many units). During emergencies the authorities override the cell system and you can't even use your mobile. I went to VOIP for one year before I cancelled it. The Internet goes out and you're done, and it was ridiculously unreliable even when the Internet was up!
I have no cell service where I live, but I have a fempto cell that runs over my Internet connection. Sprint keeps trying to get me to drop my AT&T landline and switch to them since their fempto cell also supports a VOIP line. So _when_ the Internet or power goes out, I lose both my "landline" and my cell? No thanks!
I will rue the day that my copper line is pried from my grasp! I'm not even hip on fiber optic because you need power to send light signals. I suppose maybe by 2018 we could have affordable Solar on everyone's rooftop- I'd just have to cut down a bunch of trees!
Congrats Radi! Looks awesome, and perchance a suitable replacement for that *other* DOM based testing tool that I still use to this day even though the code base is wicked old and uber-outdated.:-)
Google isn't stupid enough to rely on a technology that one of their competitors controls (although apparently the original poster's company is).
Not that I pretend to know all the details about what's involved with the whole mess, but since it's in the news lately, and I feel there should be somewhat a level playing field- what about Dalvik?
Investing in any one is likely a bad idea; but the genre as a whole seems to be able to stay at least a bit ahead of the search guys, and likely makes a profit during that time. As long as regurgitating their mass of serf and/or script generated sludge in slightly different formats is cheap enough, they are unfortunately likely to be a decent investment on average.
Say! That gives me an idea! What if we bundle all these link farmer investments together, the good with the bad, and sell those off to unsuspecting investors! Do you think we could make a ton of money that way and screw a bunch of unsuspecting people? Would that work? Could we get away with that?
Kids vary wildly. My wife and I can barely leave our three in the same room watching TV without them arguing. I'm afraid they're not the usual slashdot mini-Einstein/Bear Grylls that everyone else here has.
Yeah thanks for this post- it's nice to see others that feel the same way. My kids are very intelligent and energetic, but they often argue with each other to the point that drive my wife and I mad. There are good days and bad days. We are looking into solutions that don't involve filling everyone's schedules carting kids from activity to activity, yet stimulate the mind and body- while not breaking the bank at the same time in these challenging economic times. We are considering cancelling cable and signing them up for things like karate and T-ball. Outside time is important and I do intend to look at the link in one the above posts, but our kids are too young to be outside by themselves at this point.
they come with a letter saying when we're done we want the routers back otherwise we're sending you a bill (as agreed on when you signed up for the program).
Hmm, according to the FAQ, that's not how it works:
They are catching up. $10/mo "smart phone charge" per line coming up and restructuring their customer plans so I'm losing one of my 2 year upgrade subsidies.
If I wasn't stuck in my contract I might jump ship TO AT&T. Sprint keeps claiming "look we're unlimited AND cheaper than AT&T"- I went to AT&T and mocked up a plan and it was the same price once they start charging these ridiculous smart phone fees.
And my wife and I are not high data users- in the last 2 years, combined, the highest month was 500MB, average is around 300MB (again- COMBINED). These surcharges should be based on the USAGE PATTERNS not the TYPE OF PHONE WE BUY.
And what about smaller appliance lights and such?... Halogen replacements don't necessarily exist here, either... nor LEDs at all. CFLs are better in most situations, but not all.
I was wondering the same thing- there are small lamps and other smaller fixtures where I can't even find CFLs that fit. I haven't looked for LEDs but I could start doing that too.
But the point is they are banning incandescents and there may not yet be adequate replacements. I hope they get bit by this, the fools. Stocking up seems silly, but I might just do it.
just turn them on several minutes and they'll be fully functional when you need them
Clearly this can't work in all scenarios, like coming home from work when you aren't there ahead of time. And it's certainly less than ideal in other cases. Sometimes you just can't anticipate needing to turn that light on.
Aaah 4D, back in the day. Brings back memories. We never did anything THAT crazy with it. We just ran our webserver with ColdFusion. Ok maybe that's worse.
I got these from a friend a few days ago, and then was astounded to see this article on Slashdot. The method requires jailbreaking (a whole other problem), but uses built-in system functions to dump various keychain creds!
I don't want to go down the rabbit hole, but without personally inspecting the source code of everything you run, you can't make any claims on the Open Source soap box. Lest we learn anything from OpenBSD's latest debacle?
Loadable libraries are available for every OS. I've been involved in writing a hooks based fault injector even for VMS. It can be used for nefarious things. Everything can be similary subverted. There are very few Neos and Trinities out there- I knew one, and he is doing amazing things for the US Govt.
You're right- of course turn off Javascript. I run NoScript and I've still let things slip- not malware mind you, just JavaScript. I've seen what Jeremiah Grossman, et. al. can do. It only takes once.
You can either use your device, or be perfectly safe. Obviously there is a happy medium, but that's different for everyone. If mutt, news and lynx work for you- more power to you.
Don't get me started on hardware. The AC below said it best.
It all depends on how deep the threat (or paranoia?) goes. DLL based keyloggers or malware can be very hard to both detect and bypass- so can full screen Javascript based ones. Hardware based (PS/2, USB, even other) keyloggers exist as well, and depending on the situation could be present (or imagined). There are many layers that can grab the plaintext before it becomes ciphertext and store it, beam it, or just piggyback out to the internet. Hardly anyone does exfiltration (it's such a pain right?). The DOD found a ton of stuff this way and now they do it. There's been rumblings over the last few years over foreign manufacturers building this stuff into normal hardware, like hard drives, NICs, keyboards, etc.
I actually just recently had some rodents- either mice or chipmunks- chew up the brand new wiring I had just replaced in my trailer. I was less than thrilled.
I wasn't sure if they were attracted to it for bedding material, could "smell" the copper inside, or what. I guess this makes a whole lot more sense. On top of the gaping holes in the wiring, when it shorted out it blew a bulb or two making troubleshooting all the more painful after I traced and patched the wiring. I thought I had more breaches, but it was just a dang 'ole bulb.;-)
I am going two factor now- I have declared war on the rodents and I'm armoring my trailer wiring.
Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".
Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.
Slashdot Mirror
Yes do what you can on the device, but don't trust the device. Additional controls like banning the MAC at the network level are essential.
The deployment of services sounds interesting, but I have some questions.
Do you have a common system/platform guide that includes hardening etc. for all possible dev OS choices?
Do you have to have documentation for each type of possible dev teams preferred OS or is that all standardized on the dev side?
Does devops/IT apply what they want to the OS before deploying? What if it breaks?
Sorry I could be showing my age- most of my experience comes from the silo dev model (MGMT/DEV/QA/SEC). Everyone had tunnel vision and only cared that their part was minimally satisfied.
You may have guessed where I sat in my silo by myself as a team with a "say" in that process (I am no longer part of that process thankfully).
No more Points, Coupons now. Next you convert Coupons to Tokens. Then you make Tokens into Credits!
I totally agree with this- I have been through hurricanes in FL, blizzards and ice storms in NH, even a tornado in CT- and the copper phone line always worked despite having no power or Internet for several days (well beyond UPS and the built in battery backups of many units). During emergencies the authorities override the cell system and you can't even use your mobile. I went to VOIP for one year before I cancelled it. The Internet goes out and you're done, and it was ridiculously unreliable even when the Internet was up!
I have no cell service where I live, but I have a fempto cell that runs over my Internet connection. Sprint keeps trying to get me to drop my AT&T landline and switch to them since their fempto cell also supports a VOIP line. So _when_ the Internet or power goes out, I lose both my "landline" and my cell? No thanks!
I will rue the day that my copper line is pried from my grasp! I'm not even hip on fiber optic because you need power to send light signals. I suppose maybe by 2018 we could have affordable Solar on everyone's rooftop- I'd just have to cut down a bunch of trees!
Congrats Radi! Looks awesome, and perchance a suitable replacement for that *other* DOM based testing tool that I still use to this day even though the code base is wicked old and uber-outdated. :-)
In this case, $24,000 higher. That's per news outlet that wants a copy.
What stops ONE of the companies from getting it, and splitting the cost with the rest?
Google isn't stupid enough to rely on a technology that one of their competitors controls (although apparently the original poster's company is).
Not that I pretend to know all the details about what's involved with the whole mess, but since it's in the news lately, and I feel there should be somewhat a level playing field- what about Dalvik?
It's using aGPS. iPad 3G will do this just fine.
Investing in any one is likely a bad idea; but the genre as a whole seems to be able to stay at least a bit ahead of the search guys, and likely makes a profit during that time. As long as regurgitating their mass of serf and/or script generated sludge in slightly different formats is cheap enough, they are unfortunately likely to be a decent investment on average.
Say! That gives me an idea! What if we bundle all these link farmer investments together, the good with the bad, and sell those off to unsuspecting investors! Do you think we could make a ton of money that way and screw a bunch of unsuspecting people? Would that work? Could we get away with that?
Kids vary wildly. My wife and I can barely leave our three in the same room watching TV without them arguing. I'm afraid they're not the usual slashdot mini-Einstein/Bear Grylls that everyone else here has.
Yeah thanks for this post- it's nice to see others that feel the same way. My kids are very intelligent and energetic, but they often argue with each other to the point that drive my wife and I mad. There are good days and bad days. We are looking into solutions that don't involve filling everyone's schedules carting kids from activity to activity, yet stimulate the mind and body- while not breaking the bank at the same time in these challenging economic times. We are considering cancelling cable and signing them up for things like karate and T-ball. Outside time is important and I do intend to look at the link in one the above posts, but our kids are too young to be outside by themselves at this point.
they come with a letter saying when we're done we want the routers back otherwise we're sending you a bill (as agreed on when you signed up for the program).
Hmm, according to the FAQ, that's not how it works:
http://www.testmyisp.com/faq.html#faq-19
They are catching up. $10/mo "smart phone charge" per line coming up and restructuring their customer plans so I'm losing one of my 2 year upgrade subsidies.
If I wasn't stuck in my contract I might jump ship TO AT&T. Sprint keeps claiming "look we're unlimited AND cheaper than AT&T"- I went to AT&T and mocked up a plan and it was the same price once they start charging these ridiculous smart phone fees.
And my wife and I are not high data users- in the last 2 years, combined, the highest month was 500MB, average is around 300MB (again- COMBINED). These surcharges should be based on the USAGE PATTERNS not the TYPE OF PHONE WE BUY.
And what about smaller appliance lights and such? ... Halogen replacements don't necessarily exist here, either... nor LEDs at all.
CFLs are better in most situations, but not all.
I was wondering the same thing- there are small lamps and other smaller fixtures where I can't even find CFLs that fit. I haven't looked for LEDs but I could start doing that too.
But the point is they are banning incandescents and there may not yet be adequate replacements. I hope they get bit by this, the fools. Stocking up seems silly, but I might just do it.
just turn them on several minutes and they'll be fully functional when you need them
Clearly this can't work in all scenarios, like coming home from work when you aren't there ahead of time. And it's certainly less than ideal in other cases. Sometimes you just can't anticipate needing to turn that light on.
Aaah 4D, back in the day. Brings back memories. We never did anything THAT crazy with it. We just ran our webserver with ColdFusion. Ok maybe that's worse.
I'm not sure if this is what you were referring to, but this is immediately what I thought of when I saw this article:
http://www.youtube.com/v/uVGiNAs-QbY
And the paper: http://www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf
I got these from a friend a few days ago, and then was astounded to see this article on Slashdot. The method requires jailbreaking (a whole other problem), but uses built-in system functions to dump various keychain creds!
I don't want to go down the rabbit hole, but without personally inspecting the source code of everything you run, you can't make any claims on the Open Source soap box. Lest we learn anything from OpenBSD's latest debacle?
Loadable libraries are available for every OS. I've been involved in writing a hooks based fault injector even for VMS. It can be used for nefarious things. Everything can be similary subverted. There are very few Neos and Trinities out there- I knew one, and he is doing amazing things for the US Govt.
You're right- of course turn off Javascript. I run NoScript and I've still let things slip- not malware mind you, just JavaScript. I've seen what Jeremiah Grossman, et. al. can do. It only takes once.
You can either use your device, or be perfectly safe. Obviously there is a happy medium, but that's different for everyone. If mutt, news and lynx work for you- more power to you.
Don't get me started on hardware. The AC below said it best.
It all depends on how deep the threat (or paranoia?) goes. DLL based keyloggers or malware can be very hard to both detect and bypass- so can full screen Javascript based ones. Hardware based (PS/2, USB, even other) keyloggers exist as well, and depending on the situation could be present (or imagined). There are many layers that can grab the plaintext before it becomes ciphertext and store it, beam it, or just piggyback out to the internet. Hardly anyone does exfiltration (it's such a pain right?). The DOD found a ton of stuff this way and now they do it. There's been rumblings over the last few years over foreign manufacturers building this stuff into normal hardware, like hard drives, NICs, keyboards, etc.
Again- risk, threat, paranoia.
PUMPKIN YOU INSENSITIVE CLOD!
Second!
Me too! I don't even own a PS3 and I want to buy one... just to see what Sony would do.
What grounds could they have against me if I own a bypass device without owning the device for which to bypass? :-)
But in the end, I'm too lazy, and cheap. *sigh*
I actually just recently had some rodents- either mice or chipmunks- chew up the brand new wiring I had just replaced in my trailer. I was less than thrilled.
I wasn't sure if they were attracted to it for bedding material, could "smell" the copper inside, or what. I guess this makes a whole lot more sense. On top of the gaping holes in the wiring, when it shorted out it blew a bulb or two making troubleshooting all the more painful after I traced and patched the wiring. I thought I had more breaches, but it was just a dang 'ole bulb. ;-)
I am going two factor now- I have declared war on the rodents and I'm armoring my trailer wiring.
I know this is only slightly on topic- but how was this registration found? Did they have to pay money to search the system?
What if I wanted to just go searching for a term? Or for all terms registered by a company? What stops people from doing that?
Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".
Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.
Reality check. To quote the Italian Job:
"If there's one thing I know, it's never to mess with mother nature, mother in-laws and, mother freaking Ukrainians."