Slashdot Mirror


User: Penguinisto

Penguinisto's activity in the archive.

Stories
0
Comments
5,947
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,947

  1. Re:Completely Rigged on The Student vs Hacker Security Showdown Rematch · · Score: 1

    If you put your servers physically in the hands of an attacker, there is nothing you can do to stop them quite by definition.

    Of course there is. You can encrypt drives, encrypt information, use secure Mobos, etc.

    Eh?

    Seriously... I've never heard of a "secure mobo" in a production server - ever. Sure, you can password-protect the BIOS, rig up the handy physical intrusion alarm on the box (if there is one) and whatnot... but, umm, I don't see that as fitting your definition as used.

    Encrypted drives? Cool... until you have to restore the things from backup a couple of years later and no one has the password, because the admin who installed it never wrote it down anywhere, and he left the company a long time ago... and of course that doesn't insure that the data hasn't been rsync'd or copied locally to someone else's un-encrypted desktop, laptop, server...

    It'd be a lot easier to just lock the things up in a room where only the admins and damned few others have access, like the vast majority of us schleps in the biz do...

    /P

  2. Re:Strange that they don't allow that, eh? on The Student vs Hacker Security Showdown Rematch · · Score: 1

    What? You think most sys admins are trained in network security? Think again. :)

    One would think that they at least were taught enough to set up an iptables/ipfilter ruleset that refuses all inbound connections except the services that are actually being used by a given server...

    My big contention though is on the part that read like 'oh NOES! teh Linucks boxen were hax0red when the BIOS pw wuz reset at the mobo!" well... no shit. I'll try and remember that bit of golden discovery the next time I leave my servers running just outside, in some dark corner of the loading dock somewheres... cripes.

    /P

  3. Re:How? on Do You Allow Webmail Use on Your Network? · · Score: 1
    Depends on if the man's home computer (or worse, a laptop) gets stolen, an exploit comes out, etc...

    "However, if you treat people like untrustworthy idiots, they're going to be less likely to want to go the extra mile for the company."

    If you explain it in those terms, yes. OTOH, if you explain that you're simply wanting to limit avenues of possible infection that would otherwise be beyond your ability to prevent (which is what you're doing w/ such a policy), then it makes sense, and the users don't get slighted by any implications.

    /P

  4. Re:How? on Do You Allow Webmail Use on Your Network? · · Score: 1

    So who's to blame when your gmail account gets cracked and your company's IP gets stolen? Your sysadmins for "forcing" you to use gmail?

    Ditto on that one... I found it much, much eaiser to simply up the limits (courier has something like a 10MB limit by default I think; others are similar - but they're drop-easy to lift). Disk space? No prob. If it started to look like it would get tight, I'd ask for more from the Array, pointing to the increased usage as justification.

    'course, it would be easier to just fix the source of the problem and allow some ssh love to come in from the remote user's host to a specific server or jail set up in the DMZ, then have scp do the heavy lifting from there ('doze users have cygwin and PuTTY, so what's the prob?)... This leads me to wonder why something like that hadn't been done already.

    /P

  5. Instead of a whole box... on The Commodore Comeback at CeBIT · · Score: 1
    ...can we get hold of that machine emulator thingy separately and install it on our home box? I'd definitely pay for that, but not for the whole box (which is kinda useless in my home office, stuffed to the gills w/ machinery as it is...)

    /P

  6. Re:Viacom is right, google is wrong on Viacom vs. YouTube - Whose Side Are You On? · · Score: 1
    "And how is it that usenet has survived all these years?"

    Probably due to the vagaries of propagation and the buffer space that have plagued USENET ever since more than three NNTP servers were active on the Internet. Because of limitations in how much one can conceivably post at one time, most of your warez and other binaries are chunked-out into sequential (usually)MIME-encapsulated packages that have to be re-assembled in order... else the whole thing falls flat.

    The vagaries come in when you realize that 1) propagation is never linear in time or path (sometimes part B of something shows up, then X, then N, then A, then C...), 2) it is never consistent (some parts never really make it altogether, because the one copy of it got pushed off a buffer somewhere on its way off the parent NNTP server), and 3) odds were good that the results were a fake (just like a lot of p2p nowadays, come to think of it...)

    Considering that a max-sized MIME chunk was/is(?) usually 30K lines or so, and that a typical 1MB file would break out into a couple hundred chunks by itself... how well d'ya think a 600MB warezed DivX would distribute?

    Even the MP/RIAA are smart enough to realize this...

    (besides, NNTP headers can be and have been very easily faked since the dawn of time... tracing someone nowadays is prolly infinitely harder than it was then, as late as the '90s, when it was still pretty rough work for someone trying to track down a newsgroup bomber, forgery, or other miscreacncy).

    /P

  7. Re:Actually, I don't. on First Look at RHEL 5 - From the New, More Open Red Hat · · Score: 1
    Hell, I'm just lazy and use kickstart with "skipx" sitting right there in the ks.cfg file.

    No freakin' idea what percentile that puts me in, though...

    /P

  8. Re:Eh? on First Look at RHEL 5 - From the New, More Open Red Hat · · Score: 1
    "If that's the case, why do those 99.00000% of sysadmins install X to begin with?"

    Even if you install X, it doesn't mean you have to use it on a running server. Try this: Go to any Linux machine running X, hit Ctl+Alt+F1 (or just open a terminal @ the desktop), get root, and then type "telinit 3" and hit Enter...

    *poof* - no more GUI. :) (X gets shut off @ runlevel 3, and you don't need 5 for all of the actual server stuff).

    /P

  9. Re:Eh? on First Look at RHEL 5 - From the New, More Open Red Hat · · Score: 1
    ...could prolly do it with WMIC... ('course, that'll leave a shedload of MCSE's out in the cold :) ). Also. as brother poster mentioned, you can manage Active Directory remotely, using the desktop GUI.

    OTOH, even with RIS and an answer file, Vista and Win2k3 both do the GUI thang locally on install, I believe.

    /P

  10. Re:Eh? on First Look at RHEL 5 - From the New, More Open Red Hat · · Score: 1
    Neither would I, but the guy did mention Vista specifically.

    /P

  11. Eh? on First Look at RHEL 5 - From the New, More Open Red Hat · · Score: 4, Funny
    ...just install it w/o Runlevel 5 coming on by default, just like 99.00000% of sysadmins do w/ RHEL.

    (now if'n you can get Vista to install w/o a GUI, well - that I've gotta see...)

    /P

  12. Re:Wait, what? on Shuttleworth Tells Linux Users to Stop Being So Fussy For OEMs · · Score: 1
    hehe - I know the C64 technically wasn't a game console, but to most of the families buying it, it pretty much was. (besides, I couldn't resist. Should've included the TRS-80 and TI-99/4A in there just for giggles).

    /P

  13. Re:Wait, what? on Shuttleworth Tells Linux Users to Stop Being So Fussy For OEMs · · Score: 1
    To be fair, I believe the Atari 2600 I got at a young age came with two cartridges in the box: Breakout (for the paddles) and Combat (for the joysticks). Intellivision also came with a Football game, I think. Forgot what the C64 had, or even if they did...

    /P

  14. Re:Negative PR? Yeah... sure. on Halliburton Moving HQ To Dubai · · Score: 1
    Err, not quite. You see, I'm not making any direct (or even indirect) analogy, nor have I myself made any assertion of comparison, to wit: I only repeated some of the names that the company has been called - that one merely sprang to mind faster than the rest.

    As for the question of whether or not they deserve such bile, or whether or not these names are apt? I'll leave that to the individual reader's ideology - I for one refuse to participate any further in media-stoked drama; I've wasted too much of my time doing that over the years as it is. I'll leave the forum-shouting to the unthinking out there - most of which will fervently believe their appointed ideological leaderships, as surely and as tenaciously as a freshly-minted nun follows the words of a certain gent living in Rome.

    I prefer to make up my own opinions, without the help of propaganda from either direction.

    (Besides, 1995 called - they want their debating tactics back... ;) )

    /P

  15. Negative PR? Yeah... sure. on Halliburton Moving HQ To Dubai · · Score: 1
    Forgetting for a moment who they are, do you blame them? I mean, what makes anyone think that Halliburton's public image (currently considered to be somewhere between "locus of evil" and "The Fourth Reich" according to some) is going to suffer any further than it already has by moving offshore?

    /P

  16. Re:I know nobody wants to admit it... on Mobile Carriers Cry "Less Operating Systems" · · Score: 1
    Dunno ab't mobile programming per se, but it wasn't expensive at all (and still isn't) to keep a Win32 and OSX port of a full 3D compositing app whose UI is consistent and sharp-looking across both platforms, with the only variations being OS-specific. OTOH, it weas designed for multiple platforms from the ground up, and uses a UI toolkit (Qt) made for multiple platforms. (The app is a free download for OSX and Windows - grab both and compare if you'd like).

    All it really takes is for the dev team to use their heads when they design and spec the thing.

    /P

  17. Re:Ignorance is just so wonderful to see in action on Why Dell Won't Offer Linux On Its PCs · · Score: 1
    That's weird... because all of my Linux and FBSD machines here at work report the same thing they always have:

    (hostname-removed):~ # date
    Mon Mar 12 15:25:24 GMT 2007

    Meh... s'wat I get for working for one of them thar multi-national corporational-type critters what spans multiple timezones.

    (Now Java OTOH... well, that took pushing out a patch; scripted it in less than 10 minutes).

    /P

  18. Re:Ignorance is just so wonderful to see in action on Why Dell Won't Offer Linux On Its PCs · · Score: 1
    I agree on the lack of examples in man pages, but I've often found that the command "info (program)" will provide syntax examples when "man (program)" doesn't.

    (the same is true in OSX' terminal BTW...)

    /P

  19. Re:BSCS Grads on Five Things You Can't Discuss about Linux · · Score: 1
    I kind of had that itching at the back of my head, but didn't really give it proper schrift, since I figured that employers (and way too many schools!) often have a very irritating habit of conflating the two.

    As for strict IS vs. CS? IMHO I'm kind of opposite your point... the best IS types tend to be the ones who were full-on codemonkeys or sparkchasers before moving up. Not that all developers become good PM's or IS/IT managers, but the most competent and best-liked folks I've ever met usually were devs or admins, and had some very good qualities about them, aside from personality. They actually have a solid grasp on what's involved, and set the goals on a strict but realistic schedule. They know enough about code/networking/t-shooting to actually pitch in and help when the deadline starts getting tight. Most of all, they act as a solid mentor when one of their guys/gals get stuck on something. These are things that can't really be taught with any kind of short-term 'paradigm' or technique, but they can make or break a project.

    I don't disagree that a management type can get his/her hands dirty and learn how it works in the trenches, but it kinda lacks the ability to build that 'gut instinct' IMHO, and it would probably take longer to build the hard-won experience that the one who approached it from the other direction has gained.

    /P

  20. Re:Linux servers can't be slashdotted? on Five Things You Can't Discuss about Linux · · Score: 2, Informative
    They can, but it takes a little more traffic to do it (or a very poorly configured install of Apache, where only, say, 10 httpd process threads are allowed or something)...

    Case in point: during Linux Lunacy 2002, I ftp'd up a recording of a round-table talk session (ab't the --then upcoming-- 2.6 kernel, w/ Linus Torvalds). The file was a ~60MB .ogg file (sorry - didn't have the presence-of-mind to compress the audio) to an anonymous server running at the school I taught at. It was an eMachines cast off with a P3 500 and 1GB of RAM, set up as a basic ftp/http file-shovelling machine. It ran RH 7.2, and was latched into a 100mb network, which was in turn hooked up to a nice sized slice of an OC-12 trunk that we were hosting for the Utah state gov't ISP (UEN). According to the IT department, the single-Cat5-linked static IP addy it bore reportedly chugged along at a sustained data transfer rate of something like a GB/hr for nearly two - 1/2 days straight. When I got back, it was running just fine. The only real thing I did to it during setup was to max out the mem cache and the # of processes it could spawn.

    That incident alone made me a firm believer in Linux' abilities.

    Now I won't discount that a heavily graphics-intensive website with tons of custom code (javascript, PHP, whatever) wouldn't have taken it down, or that if I had done a piss-poor job of setting it up... but if you set it up right and reasonably match the hardware to expected internal loads, I don't see why a Linux server would blow up under enormous loads... at least larger loads than IIS can bear on the same hardware.

    /P

  21. BSCS Grads on Five Things You Can't Discuss about Linux · · Score: 3, Insightful
    Nah - I've learned that most of 'em arrive in real world IT/developer shops and discover that they don't know jack (mostly because they were to busy learning concepts and using outdated stuff to do that).

    This leads 'em to do one of three things:

    1) (half) realize they can't hack it and go do something else for a living after a couple of years.

    2) (just under half) realize that they just have to step it up a notch and manage to do so with varying degrees of success.

    3) (jackasses like Enderle) realize they really can't hack it --but are too scared to try at an honest living-- so they either get a teaching certificate w/ the intention of making Education a career, or they become tech writers.

    (Caveat: as a guy w/ no CS degree, but is a Sr. Sysadmin at a Fortune 50 company, and has taught CompSci full-time at the collegiate level - these are only conclusions drawn from my experiences. Naturally, YMMV)

    /P

  22. Re:Union's don't reward excellence... on Higher Pay for Math and Science Teachers · · Score: 1
    "...how does one decide that one instructor's performance is better than another's?:

    Well, there are a few semi-objective methods about. That, or you could have a 3rd-party independent standards evaluation committee (somewhat similar to a hospital's use of JCAHO ). This group could then, with the right set up, easily (and covertly) observe and quantify performance on a teacher's deliverance of a given curricula and/or their subsets chosen randomly, in addition to evaluating student behavior and the teacher's reactions to it.

    You can even get specific. CompSci instructors (I worked as one for six years whilst riding out the foreseen dot-bust) can have their classroom lab policies and setups audited directly (e.g. if you're teaching subjects like networking and security, you'd damned well better have a reasonably efficient and secure network to suit conditions, have your machinery patched, and enforce reasonable segregation of use permissions). I'm sure other subjects would have their touchstones as well, and student papers (or copies thereof) could well be audited too. After all, a 12th-grade High School English student shouldn't be turning in final papers reading: "whin I wuz reeding th assinemint, I filt that the mane karacter wuz vry drametik..." (exaggerated yes, but the jist is the same).

    It would be a bit complex to implement (mostly to avoid having teachers and/or administrators rig the system or 'game' it), but it can be done.

    /P

  23. Actually... on What the GPLv3 Means for MS-Novell Agreement · · Score: 1
    SFU includes GCC.

    If'n that ain't GPL, I dunno what is.

    (I suppose I could get out my old dust-laden copy of SFU 3.5, and peek through it to confirm that there's a copy of the GPLv2 included, but...)

    /P

  24. ...why not tapes? on Google's Academic TB Swap Project · · Score: 3, Interesting
    I understand the whole "HDD w/ a common filesystem = more compatibility" thing, but wouldn't it be easier to simply send along some tapes of a type appropriate to the format/type that the scientific institution uses? LTO-3 can do 800GB compressed, SDLT can do up to 600... and neither is susceptible to data loss when it gets bounced too hard by FedEx/UPS/DHL/Whatever. (plus it would make for a lighter package, wouldn't require some poor IT schmuck to disassemble a server or wait forver for USB to transfer all of it, etc...)

    I'm not criticizing or anything; just curious is all.

    /P

  25. Depends on the clearance, I think... on Randal Schwartz's Charges Expunged · · Score: 1

    I still have mine from my previous position (they're a DoD contractor)... the SSBI only goes back 7-10 years, depending on the level of clearance you're after (e.g. a civil IT-3 rating only requires a light background check, IT-2 was something like 5-7 years back, and IT-1 was 10 years back). That said, IIRC I remember the SF-86 asking if you had ever had a felony or other conviction that wasn't, say, something little like a traffic ticket. If his conviction was expunged, I believe he can put that in there too... but he'd better be damned ready and able to explain it. Wouldn't kill his chances outright, but it would certainly make things damned tough. Big fat disclaimer: I'm keeping way the hell away from voicing any opinions as to the wisdom (or any lack thereof) of what the guy did, Intel's reactions to it, and suchmuch. Cheers, /P