I'm guessing that something's missing from the story here...
Just that their IT staff is incompetent..
It's a school system. That's a given.
Add to that, any IT staff they have are *way* less (in numbers) than they need. Also a given.
Have I mentioned my sister's a teacher? Or that we here appear to have three times as many school trustees (28 for a population of ca.7 million) as are necessary, and they are more busy spending funds on lavish head office buildings than on funding schooling?
I have a linux box at my office next to a windows machine. The linux box has been broken two times.... that I know of, since the absence of linux AV software means that most intrusions likely go undetected.
FUD!
Clamav is old tech., if you insist on running AV software. Usually, the only reason you'd use it is your Linux box is the mailserver for your LAN's Win*/Mac boxes, and you don't want to pass malware on to them.
A properly configured *nix box won't be susceptible to malware, since they can only affect a user's $HOME, not the underlying system. Use a bulletproof root password, ensure only necessary services are running and are secured, and there's no reason why a *nix box would fall prey to any of the !@#$ that affects Win* daily.
Last I heard, > 70% of the net is driven by *nix in one form or another. Why is it that Google isn't pwned daily?:-O
So fine go tell the boss that you can't do it and then they say we can [find] [someone] that will and then who they get messes things up even more and you take all the blame and maybe even have to go to court after being sued / maybe even jailed for messing the system up.
See my.sig
You tell the boss you can't do it, means you've informed them that their assumptions are flawed and unreasonable.
They pull someone in to do it anyway, and they can't make it work, just like you said it wouldn't work.
How is it that you then get blamed for it not working? That "someone"'s failure proves you were correct and the boss was wrong.
What's more ridiculous is that you insist on using terns that contain the word "fuck" and then use the substitution "fsck". If "fuck" is so impolite for you to use, then why not express yourself differently?
I'm screwing with the Pakistani forbidden word IM filter.:-)
Back on topic, it seems a bit ridiculous that fscking NYC (FFS!!!) can't afford to buy the hardware & software needed to shore up this system. Wow. And I thought Sub-Saharan Africans and Bangladeshis had it tough.
dont you find it weird that governments are spying on their own citizens MORE than they spy on the enemy?
Not really. Because, when you get right down to it, the only real enemy of government officials are their own citizens who might fight to displace them.
Try harder. NAZI Germany wasn't taken offline by the German people.
This is why it keeps getting worse. None of [us] want to get our own hands dirty trying to fix it.
No, it's just that fixing stuff isn't that simple. If you don't do it right, it's a waste of time (and maybe worse). Do it right, and the problem never returns. Think like a geek: analyze the problem, design a solution, implement the design, test it to see if it actually fixes anything and works,...
Nathan Hale might've had the right point of view, but he was a pathetic failure as spies go (ask the CIA). Guy Fawkes might have had a brilliant flash of insight, yet the British Parliament still stands and he was last seen alive in a noose. Brilliant insight plus crap implementation == FAIL!
On the other hand, George Washington had the right point of view *and* he was a brilliant spymaster. Ditto, Ian Fleming.
I prefer the latter. I want my efforts to produce results, not just get me into (eg.) Lubianka.
Like the saying goes: If builders built buildings the way that programmers wrote programs...
Shitty saying. There's another (paraphrased): Crap programmers can write crap programs in any language.
Still another: An idea is not responsible for those who hold it. Just because Bill Gates had no idea what he was doing, doesn't mean all programmers have no idea what they're doing. Sweeping generalizations are *always* wrong.
Some (many?) crap programmers have created many deplorable situations. Happily, I'm one of the guys who gets called in to clean up their messes. When I leave, the problem's solved, never to return. They're left with one less unmaintainable mess.
May dmr's ghost haunt you to your grave, and beyond. >:-(
Are you SERIOUSLY speculating on a situation where your vital server is running off of WLAN?
Redhat has a few very popular downstream distros (Centos ring any bells?). If Redhat goes this way, it's likely they will too. However, they're not specifically distributing "Enterprise" class software as Redhat is. There's no telling where they might get installed.
Do you even do IT work for a living?
Ad hominem; slick. Have you completed your first year on HellDesk yet?:-)
Are you even aware that it is trivial and the work of an afternoon to re-roll a live distro with support for whatever you want?
Are you even recognizing why you'd need to do that? Because you can't read system logs because you, for whatever bizarre, so far unexplained reason, chose to write critical system logfiles that native *nix apps can't read.
To quote dailywtf, "Brillant!"
Again, WHY?!? For what problem does this provide a solution?!?
The point is that everyone is being ridiculous about this.
Possibly, but that includes *both sides*. I've yet to see anyone say *why* this's even being proposed. What is the problem that this approach solves? What's wrong with leaving the local logs text, and sending $whatever_format to the *LOGSERVER* to do as it pleases with them?
I certainly agree that a server is seldom going to find itself in a place lacking easy access to a network. Servers aren't the only things that FLOSS installs on, you know?
Besides, there's lots of live CDs. This'll have to propagate to SystemRescueCD, GPartedLiveCD, Freesbie, PCBSD,...
WTF for?!? Just 'cause it *can* be done?!? That's foolish "make work" BS.
I assume your live distro includes package management, right? Have you never installed wireshark, or vmfs support, or HFS+ support on a live cd?
Actually, no.:-) I've never needed them. I have had times when cat5 access to a router was necessary to complete an install, because wifi didn't work right off the bat.
No network access ~= $missing_some_special_app_just_to_read_syslog
WTF is the point of going that way? Is writing records out to syslog THAT CPU or I/O intensive? If so, WHY? I've worked on borked systems that were flooding/var/log with > 100,000 entries per day. THAT's what needed to be fixed.
I don't get it. readJournalLog ~= Windows Registry! Why go there?!?
Is there any reason to assume that 'cat', 'tail', and 'grep' would function and 'readJournalLog' would not?
Yes. Your system is really hosed, so you boot it with a LiveCD to read the logs. Does your LiveCD include readJournalLog? Do you really want to play with that possibility?
syslog doesn't need the performance hit that writing binary records would give it. Recovery DOES need the transparency that text offers.
I don't get it: PS1='C:$(echo ${PWD//\//\\\} | tr "[:lower:]" "[:upper:]" | sed -e"s/\\([^\\]\\{6\\}\\)[^\\]\\{2,\\}/\\1~1/g" ) >' xterm I got a regular xterm with my regular PS1 prompt. Whoosh?!?
Aside, I liked both zsh and grml when I used them, but decided neither were necessary and not for me. Besides, unless you're a shell programmer wizard, you're not going to see a lot of differences between bash, ksh, and zsh. They all pretty much function the same at a user level. Well, except for the resources that zsh sucks up, that is.
... I could (probably) go on. It looks like they mostly assumed a UN login ID was pretty much a throwaway ID (minimal security, at best). I'm sure their people out in the field would appreciate their monumental indifference.
Explains a lot as to why this stuff was so easily cracked/hacked. Neither the UN nor its users cared, or maybe they just expected that it would eventually (inevitably?) be cracked.
Where the ambiguity comes in is where we draw the line as "private information". Is your conversation or web history considered private? You'd have to convince the courts should you take it that far.
No, I would not need to convince a court of anything. I would, however, talk to my cellphone provider to see if they did anything like this. If so, I'll find another provider that doesn't. If I can't find one, then I'll do without.
This is close to the most despicable business practice I've heard of in a long time. My provider runs a hidden keylogger/spyware app on my phone, for which I'm paying the bills?!?
I've read the CarrierIQ "Privacy and Security" disclaimer. I don't believe them. I've also read their "Mobile Service Intelligence" page:
What's more, the combination of the MSIP and IQ Insight lets you move seamlessly from broad trend data across many users, through comparative groups down to diagnostic data from individual devices. Now, not only can you identify trends, you have the power to drill down to specific instances, giving you the insight your specialists need to make a difference. [emphasis mine.]
Utterly unacceptable. I can absolutely guarantee that I will never in the future own a cellphone (or any other device) that won't submit to jailbreaking, specifically so I can avoid crapware like CarrierIQ.
You missed the most important question worth considering - in what formats will these records be maintained?
No. The most important bit is they'll be available. Conversion from one format to another isn't all that difficult, though it may be time consuming to do so, and lossy.
Just look at the output of "man -k 2" on a Linux box and see which ones of those are for converting a proprietary format to a more open format.
... they can forget you exist - which means you don't get credit for your work as you deserve.
They can, sure, but they're going to have to go out of their way to do it with me. email to manager & team lead: "Yo boss. I found and fixed another massive bug in $yada. All the logging the thing's been doing for the last decade is worthless. Oh, and it'll now work seamlessly with all our data centres anywhere in the world." It can also help a lot if $yada is something that everybody else is afraid to touch for fear of breaking it.
Communication is key.
To be able to avoid all the BS team meetings, interruptions from colleagues and managers, United Way recruiting drives, the waste of gas while marooned in parking lots on commuter routes twice daily,... Priceless!
... every one of the possible 2^256 AES-256 keys are valid.
I just wanted to point out, for those listening in, try:
echo "(2^256)" | bc
Uh, wow, that's a big number; 79 chars long. Add commas every three chars to make it "human readable", and it's 104 chars long. So big that/.'s lameness filter refuses to display it ("That's an awful long string of letters there.").
[/., that ought to be "awfully", fwiw. But who's counting?]
Keep in mind that while a degree demonstrates some level of knowledge in a particular field, it also demonstrates the ability to complete a long, boring and bureaucratic process. There is value in the [latter].
But anyone is capable of this, seriously.
Not true. Boredom and stifling bureaucracy has hounded me all my life. I can't stand sitting in a lecture hall where the speaker's putting me to sleep. I far prefer to slide out to the library, or arts & crafts, or anything where I'd actually learn something of some value.
A degree can also go some way to prove that the holder of it is partially an over-civilized sheep, one who can put up with pretty much anything and not complain. I seldom consider that kind of thinking virtuous. The situation won't improve when everyone just ignores the warts. It can improve if we refuse to put up with them.
Slashdot Mirror
I'm guessing that something's missing from the story here...
Just that their IT staff is incompetent..
It's a school system. That's a given.
Add to that, any IT staff they have are *way* less (in numbers) than they need. Also a given.
Have I mentioned my sister's a teacher? Or that we here appear to have three times as many school trustees (28 for a population of ca .7 million) as are necessary, and they are more busy spending funds on lavish head office buildings than on funding schooling?
Run for school trustee. What a cushy gig.
I have a linux box at my office next to a windows machine. The linux box has been broken two times.... that I know of, since the absence of linux AV software means that most intrusions likely go undetected.
FUD!
Clamav is old tech., if you insist on running AV software. Usually, the only reason you'd use it is your Linux box is the mailserver for your LAN's Win*/Mac boxes, and you don't want to pass malware on to them.
A properly configured *nix box won't be susceptible to malware, since they can only affect a user's $HOME, not the underlying system. Use a bulletproof root password, ensure only necessary services are running and are secured, and there's no reason why a *nix box would fall prey to any of the !@#$ that affects Win* daily.
Last I heard, > 70% of the net is driven by *nix in one form or another. Why is it that Google isn't pwned daily? :-O
IOW, BS.
So fine go tell the boss that you can't do it and then they say we can [find] [someone] that will and then who they get messes things up even more and you take all the blame and maybe even have to go to court after being sued / maybe even jailed for messing the system up.
See my .sig
You tell the boss you can't do it, means you've informed them that their assumptions are flawed and unreasonable.
They pull someone in to do it anyway, and they can't make it work, just like you said it wouldn't work.
How is it that you then get blamed for it not working? That "someone"'s failure proves you were correct and the boss was wrong.
Eh?!?
What's more ridiculous is that you insist on using terns that contain the word "fuck" and then use the substitution "fsck". If "fuck" is so impolite for you to use, then why not express yourself differently?
I'm screwing with the Pakistani forbidden word IM filter. :-)
Ah, the ignorant replying again. Must be because it's M$, and not the fact that its an underspecced system. ...
Throw a few more CASs at it
Grrr ... >:-(
(0) infidel /home/keeling_ dict cas
8 definitions found
From The Free On-line Dictionary of Computing (26 July 2010) [foldoc]:
CAS
1. {Column Address Strobe}.
2. (channel associated signaling) {in-band
signalling}.
From V.E.R.A. -- Virtual Entity of Relevant Acronyms (June 2006) [vera]:
CAS .NET, MS)
Code Access Security (VSTO,
From V.E.R.A. -- Virtual Entity of Relevant Acronyms (June 2006) [vera]:
CAS
Column Address Strobe (IC, DRAM)
From V.E.R.A. -- Virtual Entity of Relevant Acronyms (June 2006) [vera]:
CAS
Communicating Applications Specification (FAX, Intel, DCA)
From V.E.R.A. -- Virtual Entity of Relevant Acronyms (June 2006) [vera]:
CAS
Computer Aided Selling
From V.E.R.A. -- Virtual Entity of Relevant Acronyms (June 2006) [vera]:
CAS
Computer Algebra System
From V.E.R.A. -- Virtual Entity of Relevant Acronyms (June 2006) [vera]:
CAS
Content Addressed Storage (EMC)
From V.E.R.A. -- Virtual Entity of Relevant Acronyms (June 2006) [vera]:
CAS
Computerized Autodial System
This (see #6 & 7) is pretty funny too.
Back on topic, it seems a bit ridiculous that fscking NYC (FFS!!!) can't afford to buy the hardware & software needed to shore up this system. Wow. And I thought Sub-Saharan Africans and Bangladeshis had it tough.
What a clusterfsck!
dont you find it weird that governments are spying on their own citizens MORE than they spy on the enemy?
Not really. Because, when you get right down to it, the only real enemy of government officials are their own citizens who might fight to displace them.
Try harder. NAZI Germany wasn't taken offline by the German people.
Yeah, yeah, Godwin. Bleh.
This is why it keeps getting worse. None of [us] want to get our own hands dirty trying to fix it.
No, it's just that fixing stuff isn't that simple. If you don't do it right, it's a waste of time (and maybe worse). Do it right, and the problem never returns. Think like a geek: analyze the problem, design a solution, implement the design, test it to see if it actually fixes anything and works, ...
Nathan Hale might've had the right point of view, but he was a pathetic failure as spies go (ask the CIA). Guy Fawkes might have had a brilliant flash of insight, yet the British Parliament still stands and he was last seen alive in a noose. Brilliant insight plus crap implementation == FAIL!
On the other hand, George Washington had the right point of view *and* he was a brilliant spymaster. Ditto, Ian Fleming.
I prefer the latter. I want my efforts to produce results, not just get me into (eg.) Lubianka.
Like the saying goes: If builders built buildings the way that programmers wrote programs ...
Shitty saying. There's another (paraphrased): Crap programmers can write crap programs in any language.
Still another: An idea is not responsible for those who hold it. Just because Bill Gates had no idea what he was doing, doesn't mean all programmers have no idea what they're doing. Sweeping generalizations are *always* wrong.
Some (many?) crap programmers have created many deplorable situations. Happily, I'm one of the guys who gets called in to clean up their messes. When I leave, the problem's solved, never to return. They're left with one less unmaintainable mess.
May dmr's ghost haunt you to your grave, and beyond. >:-(
Are you SERIOUSLY speculating on a situation where your vital server is running off of WLAN?
Redhat has a few very popular downstream distros (Centos ring any bells?). If Redhat goes this way, it's likely they will too. However, they're not specifically distributing "Enterprise" class software as Redhat is. There's no telling where they might get installed.
Do you even do IT work for a living?
Ad hominem; slick. Have you completed your first year on HellDesk yet? :-)
Are you even aware that it is trivial and the work of an afternoon to re-roll a live distro with support for whatever you want?
Are you even recognizing why you'd need to do that? Because you can't read system logs because you, for whatever bizarre, so far unexplained reason, chose to write critical system logfiles that native *nix apps can't read.
To quote dailywtf, "Brillant!"
Again, WHY?!? For what problem does this provide a solution?!?
who gives a flying fuck?
You buy the plane ticket, and I will. Well, with consenting stewardesses, that is.
Or am I missing something here?
I use apple because their low population in the wild makes them unpopular targets for malware authors to write exploits for.
So, what's Linux' excuse, considering vast numbers of it installed on servers and numerous other devices power the web?
Hint: fragility makes Win* the preferred target, not popularity.
The point is that everyone is being ridiculous about this.
Possibly, but that includes *both sides*. I've yet to see anyone say *why* this's even being proposed. What is the problem that this approach solves? What's wrong with leaving the local logs text, and sending $whatever_format to the *LOGSERVER* to do as it pleases with them?
I certainly agree that a server is seldom going to find itself in a place lacking easy access to a network. Servers aren't the only things that FLOSS installs on, you know?
Besides, there's lots of live CDs. This'll have to propagate to SystemRescueCD, GPartedLiveCD, Freesbie, PCBSD, ...
WTF for?!? Just 'cause it *can* be done?!? That's foolish "make work" BS.
Does your LiveCD include readJournalLog?
I assume your live distro includes package management, right? Have you never installed wireshark, or vmfs support, or HFS+ support on a live cd?
Actually, no. :-) I've never needed them. I have had times when cat5 access to a router was necessary to complete an install, because wifi didn't work right off the bat.
No network access ~= $missing_some_special_app_just_to_read_syslog
WTF is the point of going that way? Is writing records out to syslog THAT CPU or I/O intensive? If so, WHY? I've worked on borked systems that were flooding /var/log with > 100,000 entries per day. THAT's what needed to be fixed.
I don't get it. readJournalLog ~= Windows Registry! Why go there?!?
http://starwars.wikia.com/wiki/Order_66
I find your lack of internet search disturbing
I nominate this for "most boring internet search EVAR!"
Fneh.
Oh FFS, option 66 is a crucial plot point in the third film that you would have had to have your head planted firmly in your ass to miss.
Uh huh. AND SOME OF US WROTE IT OFF AS RELIGIOUS DRIVEL WHEN IT FIRST SHOWED UP!!!111
Star Wars geeks are *the* lowest form of geeks. I pity you bastards.
Case in point: Annikin was a virgin birth. Oh, FFS! That again?!?
Religious Drivel!!!!111 # FFS!
Natalie..
oh wait, this thread isnt natalie vs keira vs scarlett,
it was about hackable routers...
doh!
+100 Insightful, damnit!
Is there any reason to assume that 'cat', 'tail', and 'grep' would function and 'readJournalLog' would not?
Yes. Your system is really hosed, so you boot it with a LiveCD to read the logs. Does your LiveCD include readJournalLog? Do you really want to play with that possibility?
syslog doesn't need the performance hit that writing binary records would give it. Recovery DOES need the transparency that text offers.
readJournalLog ~= Windows' Registry. Dumb. Seriously dumb.
I don't get it:
PS1='C:$(echo ${PWD//\//\\\} | tr "[:lower:]" "[:upper:]" | sed -e"s/\\([^\\]\\{6\\}\\)[^\\]\\{2,\\}/\\1~1/g" ) >' xterm
I got a regular xterm with my regular PS1 prompt. Whoosh?!?
Aside, I liked both zsh and grml when I used them, but decided neither were necessary and not for me. Besides, unless you're a shell programmer wizard, you're not going to see a lot of differences between bash, ksh, and zsh. They all pretty much function the same at a user level. Well, except for the resources that zsh sucks up, that is.
Look plaintext to me, but also look old.
And a whole lot of stupid:
Email Address -: loh333@aemail4u.com
Password -: loh333
Username -: loh333
Email Address -: c.inayatullah@undp.org
Password -: inayat
Username -: Inayat
Email Address -: hamed.mobarek@undp.org
Password -: hm
Username -: Hamed 9
Email Address -: seyhan.aydinligil@undp.org
Password -: seyhan
Username -: seyhan
Email Address -: maryanne.kelly@ons.gov.uk
... I could (probably) go on. It looks like they mostly assumed a UN login ID was pretty much a throwaway ID (minimal security, at best). I'm sure their people out in the field would appreciate their monumental indifference.
Password -: 000
Username -: Maryanne Kelly
Explains a lot as to why this stuff was so easily cracked/hacked. Neither the UN nor its users cared, or maybe they just expected that it would eventually (inevitably?) be cracked.
Where the ambiguity comes in is where we draw the line as "private information". Is your conversation or web history considered private? You'd have to convince the courts should you take it that far.
No, I would not need to convince a court of anything. I would, however, talk to my cellphone provider to see if they did anything like this. If so, I'll find another provider that doesn't. If I can't find one, then I'll do without.
This is close to the most despicable business practice I've heard of in a long time. My provider runs a hidden keylogger/spyware app on my phone, for which I'm paying the bills?!?
I've read the CarrierIQ "Privacy and Security" disclaimer. I don't believe them. I've also read their "Mobile Service Intelligence" page:
What's more, the combination of the MSIP and IQ Insight lets you move seamlessly from broad trend data across many users, through comparative groups down to diagnostic data from individual devices. Now, not only can you identify trends, you have the power to drill down to specific instances, giving you the insight your specialists need to make a difference. [emphasis mine.]
Utterly unacceptable. I can absolutely guarantee that I will never in the future own a cellphone (or any other device) that won't submit to jailbreaking, specifically so I can avoid crapware like CarrierIQ.
Ho. Ly. !@#$ :-O
You missed the most important question worth considering - in what formats will these records be maintained?
No. The most important bit is they'll be available. Conversion from one format to another isn't all that difficult, though it may be time consuming to do so, and lossy.
Just look at the output of "man -k 2" on a Linux box and see which ones of those are for converting a proprietary format to a more open format.
... they can forget you exist - which means you don't get credit for your work as you deserve.
They can, sure, but they're going to have to go out of their way to do it with me. email to manager & team lead: "Yo boss. I found and fixed another massive bug in $yada. All the logging the thing's been doing for the last decade is worthless. Oh, and it'll now work seamlessly with all our data centres anywhere in the world." It can also help a lot if $yada is something that everybody else is afraid to touch for fear of breaking it.
Communication is key.
To be able to avoid all the BS team meetings, interruptions from colleagues and managers, United Way recruiting drives, the waste of gas while marooned in parking lots on commuter routes twice daily, ... Priceless!
... every one of the possible 2^256 AES-256 keys are valid.
I just wanted to point out, for those listening in, try:
echo "(2^256)" | bc
Uh, wow, that's a big number; 79 chars long. Add commas every three chars to make it "human readable", and it's 104 chars long. So big that /.'s lameness filter refuses to display it ("That's an awful long string of letters there.").
[/., that ought to be "awfully", fwiw. But who's counting?]
Keep in mind that while a degree demonstrates some level of knowledge in a particular field, it also demonstrates the ability to complete a long, boring and bureaucratic process. There is value in the [latter].
But anyone is capable of this, seriously.
Not true. Boredom and stifling bureaucracy has hounded me all my life. I can't stand sitting in a lecture hall where the speaker's putting me to sleep. I far prefer to slide out to the library, or arts & crafts, or anything where I'd actually learn something of some value.
A degree can also go some way to prove that the holder of it is partially an over-civilized sheep, one who can put up with pretty much anything and not complain. I seldom consider that kind of thinking virtuous. The situation won't improve when everyone just ignores the warts. It can improve if we refuse to put up with them.
You know the old saying: those who fail to learn from history are doomed to forever work in the private sector.
That's damned near the funniest, and most true, statement I've ever seen on /. Thanks. :-)