Slashdot Mirror


User: El+Volio

El+Volio's activity in the archive.

Stories: 0
Comments: 251

Comments · 251

  1. Like a honeypot? on Wireless, GPS-Loaded 'Bait Car' Traps Thieves · Score: 2
    Sounds pretty similar to the activity involving honeypots these days. For those who haven't heard of it, the idea is to have systems that may or may not be vulnerable (lots of people use default installs but hardened systems are becoming more common) that are heavily monitored with the idea that if they're broken into, the admins can use them as a research tool to learn more about how the blackhat community works.

    Some people also use them as "detection" or early warning devices, e.g. the low-hanging fruit idea: if you have a vulnerable system amongst several real production systems, hopefully the honeypot will get compromised and you'll be able to detect the intruder before he gets to the real targets. Interesting to see the same thing done here...

  2. DoS sucks on DoS Attacks Persisting, On The Rise · Score: 5, Insightful

    Having been one of the admins for a pretty large website (top 50 according to Media Metrix), I can definitely state that DoS attacks are a royal pain. Sure, you can throw infrastructure at a problem and alleviate it, but you can't defeat it -- and they just keep coming. It's the type of attack I've never understood: it doesn't gain the attacker anything (unlike rooting a box), it's nothing but being a hoodlum.

  3. Re:Um... on Making Your Room Quiet · Score: 2

    My grandfather did something better: he took a signal generator and hooked it to his amplifier/stereo, then left it on all night at max volume but at "dog whistle" frequencies... sure, he had to put up with one night of dog whining, but it cured the problem after that...

  4. Re:Perhaps we are forgetting how Bureaucracy works on Should Public Funds Mean Public Code? · Score: 2
    In your example, is the government the user? In that case, there's no difference between this and proprietary software. That is, the government (and many other organizations) will want to do their own testing to be sure that the patch doesn't break something else. Yeah, that sucks, but that's the way it goes (pessimism about 6 months notwithstanding).

    Now consider the case where, not the government, but the public are the users. Suddenly the situation changes. Whether or not the gov't accepts the patch, person B's patch is generally available. In fact, this may even result in a fork of sorts: a "government version" developed with the use of public funds by a public agency, and a "public version" of the app, which tracks the government version changes but also backports fixes and such. Now you have a winner: the gov't does its own thing in production, and We The People get the benefit of that code, person A's review, and person B's patch.

    This is why Free software wins.

  5. Great for learning the culture on University offers 'Simpsons' as Philosophy Class · Score: 2
    My wife immigrated to this country about 6 years ago, having studied "school" English (i.e., she knew only the basics). So, like lots of people, she watched popular TV to learn American English as well as the local culture. The two shows she watched?

    I Love Lucy and The Simpsons.

    Oh, what a wonderfully warped wife I have now... ;) In any case, I think they were particularly good choices given the immense influence they've had on our society as well as the reflection of the society itself.

  6. Re:On a pentium 120? on War Driving With The Kids · Score: 1

    I believe it... having run W2k on a p-233 laptop w/ 64MB of RAM, I can state that it runs just fine. Granted, most *nices run faster on it, but it's far from unusable or sluggish.

  7. Re:War Driving? on War Driving With The Kids · Score: 0
    As I recall, the first software for this had the name WAR for some reason.

    From the movie War Games.

    "Would you like to play Global Thermonuclear War"?

  8. It has to be said... on Microsoft Worms and Global Routing Instability · Score: 2

    A communications disruption can mean only one thing: invasion.

  9. And for those coming in late... on Genesis Mission - Search For Origins · Score: 1

    The link in the /. story has been corrected; if you're wondering (like I was) what all the link-correction focus was, the original link was to genesismission.COM, not .ORG.

  10. Re:Ideological Moderating on "Opt-Out" Of Financial Data Sharing · Score: 2
    The moderators are not some separate group like your comment seems to suggest. The vast majority of moderators are readers who periodically get the privilege, on a limited basis, of moderating a few comments. So the people who are writing those comments today are the people who could be moderating tomorrow, and vice versa.

    I moderate every couple of weeks; in fact, I have moderation points right now, but I'm not moderating this story so I can reply to this.

    If you had read the FAQ, you would know all this.

  11. Re:OSDN, Audit ALL of your systems NOW. on Blow-by-Blow Account of the OSDN Outage · Score: 2
    Ehh? Excuse me? Why the fsck do a properly configured serverfarm need firewalls _at all_? Please, enlighten us with your wisdom oh dimwit.

    Firewalls _are not needed_ if you're not running services that _should not be running_ on servers for the internet.

    Because

    Defense in depth is a good philosophy to have, protecting against configuration mistakes.

    You are also protected if exploit code is run (say via a buffer overflow that changes hosts.deny).

    Firewalls can also protect against low-level attacks that don't attack the services/applications themselves.

    When properly configured, firewalls can be invaluable in logging traffic and otherwise keeping out unwanted traffic and IP spoofs -- and can do a far better job than simple packet filtering on a router. That said, anyone who believes that firewalls are the be-all end-all of security is fooling themselves.

    I think it's pretty poor form to call someone else a dimwit when you're lacking a lot of info yourself. There's a reason that a firewall is industry-wide best practice for an Internet site or user network, and it's not because we're all dimwits.

  12. Re:No Kudos to Google on Google Doubles Server Farm · Score: 2

    Try

    for server in $serverlist; do
        # copy the patch to the server's home directory, then unpack and install it there
        scp patchNNN.tar.gz "$server":
        ssh "$server" 'gunzip patchNNN.tar.gz; tar xf patchNNN.tar; install-patchNNN.sh'
    done

    It's not that hard to automate such a thing. Those 8000 servers are NOT managed individually -- that gets to be a real big pain, real fast.

  13. Hate to say it, but... on The Problem With Portals · Score: 3
    ...some things on the Net are going to have to become for-pay. No, Yahoo!'s main directory will probably stay free, but some other services will probably have to start requiring a fee.

    The key to all of this is that Holy Grail of the Internet which *no one* has ever figured out: micropayments. Yahoo!, however, could actually make some money on a limited subscription model. There are a few services on Yahoo! that I'd be willing to pay for; I use them constantly. I pay $110+ for my Internet connection at home; if I needed to pay $5/month for all the services Yahoo! provides, then I'd probably be willing to do that.

    In the meantime, though, banner advertising won't pay all the bills. I work for Superpages.com, and a large portion of our income is actually from selling listings to the same folks who buy yellow pages advertising. Advertising will have to get smarter and leaner if it's going to continue to be a major Internet revenue stream. It'll have to be more than that, though. Look at the folks on the Net who really are making money hand over fist: porn sites. And while there's lots of free stuff out there, yes, quite a bit of it is for-pay. The trick is to have a service worth it, whether you're selling porn, yellow pages listings, or My Yahoo!.

    No, the Net will never become completely pay-as-you-go, thank goodness. But we're all going to have to learn a lesson we should have learned a long time ago: TANSTAAFL.

  14. Re:Not quite a perfect comparison on Dual Athlon Preview: Linux Kernel Compile Smokes · Score: 1

    Not always. Just for grins, I compiled 2.2.18 on a uniprocessor system (AMD K6-2 333MHz) running 2.4.1. Based on repeated tests with one and two processes, I consistently find that giving make -j2 actually increased my compile time. It wasn't much (real elapsed time went from about 6:04 to 6:08, with virtually all of the increase coming in userland time), but enough to convince me that on my home workstation, I'm sticking with the compilation by one process. Unlike some of the other results here, I'm still running on ext2 filesystems, so I didn't gain any performance benefits from ReiserFS. Maybe next week...

  15. Re:I remember this.... on The Challenger · Score: 2
    I was in 3rd grade at the time, and I remember another student (who had gotten to watch the launch in another class while the rest of us practiced cursive writing or somesuch) coming in and announcing "the Space Shuttle blew up". I got in trouble for telling Rudy, perhaps a little arrogantly :), that there was no way that could happen, the guys at NASA were too smart and too careful.

    A few minutes later there was an announcement over the PA.

    I remember coming home, watching the news all evening. I remember my dad sitting on the couch crying (the same man who would tell me bedtime stories about his memories of the Apollo and Mercury programs). I remember being frustrated because I thought that that was the end of the space program.

    Like a lot of folks on /., I suspect, that was one of the formative moments of my life. From a long line of geeks/techies, I became determined to become one, too. Never made it to NASA :) (Gene Kranz is my hero) but nonetheless every time I watch a launch on TV or think about the ISS, I feel like that 9-year-old all over again.

  16. Re:It isn't true. on Red Hat Abandons Sparc · Score: 2

    This is not what I have been told. I've received an e-mail from a RedHat pre-sales staff member (Kathy, I believe) who stated categorically that there will be NO support for SPARC in RedHat 7.0. Could you please clarify what your statement means? I'm pretty irritated about this myself, as we often run RH6.2 on older SPARC systems for workstations.

  17. Re:Why bother with software? on At the Library: a Briefly Vocal Minority · Score: 2
    Actually, this "cute solution" is one that MANY libraries (including mine in Irving, Texas, and my mother's in Springfield, Missouri) apparently use. It's not necessarily that the librarians will walk around to look over people's shoulder to make sure they're not looking at something they shouldn't (actually, a librarian is more likely to offer suggestions on how to find other relevant material).

    Rather, it's the fear of public shame. Somebody looking at goat porn in the library is quite likely to get publicly embarrassed by somebody.

  18. Somebody explain to me why on Maryland Task Force Proposes Special Tech Courts · Score: 2
    Seems to me that, despite all the chatter about how the Internet is "changing the world", fundamental principles (freedom of speech, etc) still apply. The judicial system isn't perfect in any country, but I can't possibly see how this would help.

    Simply put, it takes time for the judiciary to catch up to any new concept. Look how long it took the civil rights movement to win in the US courts. Whatever the problems still may be, racial discrimination is no longer a socially acceptable norm. That was a far more important concept, and it took time.

    It will be the same here: despite the beyond-reasonable cynicism of many geeks, in time, the courts will eventually get things more-or-less right. Nothing will ever be perfect, granted, but let's not assume that everyone except technically qualified people are incompetent to have enough of an understanding of technology to be able to apply the legal principles upon which our society is based to it. And let's please not assume that there's any link between technical competence and ethical standards.

  19. Sign over the invention, but not the patent docs on What's A Reluctant Inventor To Do? · Score: 1
    My suggestion would be to try to sign something stating that you cede your rights to the invention to the company (since it sounds like your employment contract gives them that anyway); at that point, should you still be involved in a patent process?

    Alternately, sign it, then file a comment/complaint/whatever with the USPTO. :) Play both ends....

  20. Re:Publicly Announcing Bugs on Security Through Obscurity A GOOD Thing? · Score: 2

    Actually, any sysadmin or security engineer who knows what he's doing does read those lists/sites. I'm not sure what you mean by "normal folks"; sure, my grandfather who does all his genealogy research online doesn't, but then, I'm not sure he needs to. If you mean "normal" system and network administrators, then I'd reply, that's part of their job. If they're not doing it, then their employer should get someone in there who will do the job correctly.

  21. Re:skill level? on Understanding Script Kiddies · Score: 2
    That depends on the size of your network. I see a lot of posts like this, but in a really large environment, it takes substantially more than that. For example: I work for a nameless phone company, but it's large (the largest in the US, hint hint). We now have on the order of 180 firewalls, and that's just one piece of the security puzzle. That costs substantially more than $50k. If I could secure our network with $50k, "half a brain, some security know-how, and OpenBSD", I'd be the hero of this company.

    Too many people think that all networks are the small, easily managed size that characterizes small to medium size businesses. But networks that serve 260,000 employees and countless vendors/contractors are a beast of a different magnitude.

  22. Access times on How Holographic Storage Works · Score: 2

    I see a lot of info about information density and price points, but what about access times? How long can we expect data requests to take? I understand that this is all still in its infancy, but I'm just interested in orders of magnitude. I would assume that it's faster than magnetic media requiring moving parts, but how does it compare to RAM and other silicon storage?

  23. Compare w/ Visio & Dia? on Sneak Preview of CorelDraw 9 for Linux · Score: 2

    Anyone have any idea how CorelDraw compares with Visio or Dia? I'd be interested in using it for technical diagrams, although at this point I haven't tried Dia yet. Visio file import/export is also really important for a lot of people.

  24. Re:What's the difference... on No Logo: Taking Aim At The Brand Bullies · Score: 2

    Check out SunWare. Yes, you can get freebies, but for the really nice stuff, they want you to pay. Many large vendors have setups like this one. And yes, many "self-respecting geeks" do wear such. I personally won't pay to advertise another company, but lots of folks will, evidently.

  25. What's the difference... on No Logo: Taking Aim At The Brand Bullies · Score: 2

    ...between a kid wearing Nike gear and a techie wearing, say, Sun Microsystems shirts? Or a /. hat? I'd say we geeks are among the worst -- how many of us clamor for vendor stuff whenever possible? What about all the freebies at tradeshows?