Most security people are minimum wage. I see people talking about flashing cards and cans of food, etc. This is not a surprise.
I once entered the R&D area of a fortune 500 company using an ID that was printed on an ink jet printer and had my picture and the CIA logo on it. I was questioned and just flashed the card. That ended all questions.
When I was managing a computer company, I came back from lunch to find the lead chatting with a guy. The guy introduced himself as the fire marshal and the lead informed me that there was a Fire Inspection going on. The "Fire Marshal" told me I could not go into the back while the inspection was going on. I proceeded to enter the back to find the "Inspector" inspecting the computer equipment. Right out the back door!
The truth is that most people will not question you, provided you look like you belong and have some form of ID to back it up.
Now it is time to go to the uniform store and get a security guard uniform. I think I'll stand next to the night deposit box at the bank. Just to see how many people will give me their deposits when I tell them that the deposit box is broken and I am there to collect and secure their deposit.
So that would be the Christian right?
which are designed, ironically, to get people to BUY the content, not as the mechanism for people to permanently obtain pristine digital copies
Have you downloaded music from the net? Pristine is not what you get; it is what the record labels use as an excuse to not allow it. Half the time I get good, or ok copies until I buy the CD. Then I get pristine!
Music that is cut off at the end, has 30 sec of music followed by static, plays half way through then stops due to a bad bit rate change, etc. Sure you can download music but it is in no way PRISTINE!
The article served its purpose.
#1) It made a trade pub.
#2) It generated interest in their product.
#3) It made them look good.
#4) It can be pointed to when something breaks.
Support is one of the weaker areas of OSS. So I see it going something like this.
Look at the e-week article; we tried to work with the OSS community to the benefit of the customer. They just broke it again. Try to contact them with the issue.
I ditched dell when I called support. 50+ laptops to set up, and all of them were blue screening when you plugged in the USB port replicator.
Dell's support suggested reinstalling the OS from the supplied CD. I did it and it still blue screened.
Dell's response
"Well, if reinstalling the OS did not solve the problem. You need to reformat the drive and reinstall the OS."
What a solution.
It is good to see them claiming support of Linux, the question is will their support be better than it has been?
As it stands UWB runs from 3.1GHZ to 10.6GHZ. Radio in this band operates much like visible light
Oh Microwave. Now your usb harddrive will save your data and cook your eggs all at once :)
Implied in the article then, a Windows 2003 server would have to be "up" approximately 20% more to satisfy the "claim". Now, I am not a calendar "expert", but I'm having a difficult time believing that Windows 2003 server is up an average of 364 * 1.2, or 436.8 days a year. If it is, I'm buying.
Hmmm maybe they tested Windows on Mars and Linux on Earth. That way they had 669 days a year for the windows system and only 365 for the linux one. :O
And you make my point...
#1) Is there a reason that it can not be integrated into closed source? Other than "We are smarter and you should be too." Open source is a great thing but, to get to the masses we need to accept that others may not be using our open source OS!
Can people not write simple open source drivers to integrate real-time hard drive encryption into closed source OS's?
Can people not develop easy to use plug-ins for the other closed source software?
#2) The whole key management is a difficult task. I work with people that need to use/Must use encryption. I end up doing their key management because they have no clue what a key ring, key server, public key, and private key are.
It seems to me that there is a lot of room for improvement and few seem to want to take the time or make the effort.
I read people posting about using encryption to stop the government creep into our private lives. Well boys and girls, where is it? We are the people who know the systems and programming. We are the leaders of the IT revolution and what do we do? We make great encryption systems that are so complicated that no one outside of the technically competent can use them! Hell I have problems using encryption and I used to run an anon site that dealt with protecting your privacy by the use of encryption! Have you looked at the arguments for gpg or pgp? The average person can not figure out how to use it, there is little to no integration into e-mail, IM's, PM's, etc. and when it is integrated it is so complicated to install and use, that the average Joe on the street would stop reading after the first paragraph of the instructions! We all missed the ball on this one! Now is the time to start developing the next generation of integrated encryption. The government will not do it, it is not in their best interest to secure communications. Big business will not do it, it is not in their best interest! So it is up to us! Oh who am I kidding, Technical people could never develop a good/simple to use/easy to install encryption system.
I have 2 PhD's, the first year of college I went to the first week of classes and the last week of classes and passed with a 3.0.
Going to class is not necessary if you know the stuff they are teaching and the college will not let you test out of classes.
That seems to be the first question I am asked in a technical interview. Why would a UNIX admin/manager need to know the 7 layers? 2 or 3 of them, sure but all 7?
The truth is, the degree does not mean squat! Heck the experience does not even seem to mean anything. If it did (with my 15 years in the field) I would not be asked to name the 7 layers of the OSI model. The certs do not seem to mean anything. So what is left? HR people just call one of their technical people in and have them quiz the new applicant. The technical person seems to take the stance of "Let's prove I am smarter than the new guy" and add questions like "In Linux what is init level 3?" and does not accept "Anything you set it to when you edit the /etc/inittab!"
More recently I was asked "Where is Apache installed on Solaris 9?" I responded with "The install is a compile time option, so it is wherever you set it to be." I was told I was wrong because the package they get from their packaging department always installs in the /opt dir.
The issue is that HR departments and hiring managers (non-tech) have no way to judge an individual's skills. They have found that the guys with degrees do not always know what to do, resumes are faked or fudged, and certs can be made with a good laser printer. What is left? They start to look for people that have experience in just the apps and hardware they have, then have their existing guys judge their skills. Is there a better way? I really do not know, although I would start by teaching the general IT people how to interview. It might make it a little easier.
Maybe we should run more honey pots and make the info public.
Mine gets hit all the time.
The hackers attempt to connect to Irc.hackcrew.cc (An irc server that has lots of bots on it.)
I also get to look at the files they try to download. Lots of neat scripts and hacks just waiting for me to take a look at them :)
If more of us ran honey pots and made the information public it would be harder for the kids to hide their stuff.
although obtaining a warrant would force one to give up encryption keys
Even with a warrant they can not force you to give up your encryption keys. There is this thing called the 5th amendment to the constitution.
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
You can take the 5th when questioned about your keys. No matter what they do they can not compel you to give them that information.
a search of http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=hemp+biodiesel&spell=1 [Google] provided quite a few.
Please provide a source that doesn't include the words "marijuana" or "cannabis" in the title or domain name.
This may be hard. The plant's botanical name is cannabis sativa and cannabis indica. So you are asking that I find a scientific paper that does not include the scientific name of the plant.
Are you aware that marijuana is the Spanish name for the same plant?
It is hard to split the difference because marijuana and HEMP are the same plant. There are just minor variations, it is like the difference between Sweet corn and Field Corn. They are the same plant, you would be hard pressed to tell the difference until you taste them.
You can get 1300 per acre. With proper management you can get 3 crops a year or 3900 per acre per year. That puts it just under the 5000-20,000 that they claim the algae can do.
Which would you prefer, fields of green plants or fields of cesspools?
You also must take into account the other products and the reduction in deforestation, the reduction in cotton (Which reduces the pesticides and water used) the reduction in plastics. It seems to me to be a better all around solution. I am not saying that the algae is not a good idea, I just think that making it the only solution is wrong and the other solutions could contain or at least consider hemp as a source.
So what you are saying is that I am full of shit. Right now no one will take my shit, but in the near future, someone may happily pay me to give them shit?
:)
Cool
I still think that HEMP is the way to go.
From 1 acre of hemp you can produce
1300 gal of bio diesel
The equivalent amount of paper as 10 acres of trees
The equivalent of 5 acres of cotton in cloth.
Hemp Seed flour (For cake, bread, etc)
and
Pulp products that can replace cardboard and many plastic products.
This is from the different parts of the plant. That means that you get ALL of them at the same time. Not just growing corn for fuel and throw away the rest.
So let me get this right, real money and game money are interchangeable.
So you knock up your virtual girlfriend, she gets pregnant and has a kid, costing you $25,000 real dollars for a virtual hospital, virtual delivery room, and virtual doctors. Then they slowly drain your bank with virtual housing, virtual food, virtual birthdays, virtual college, etc. Pretty soon you are broke, mowing your virtual lawn, around your virtual house and listening to the virtual wife bi*ch at you about what a loser you are. All the time sitting in your real apartment with no money because it virtually vanished right before your eyes.
I am against wind power, the cumulative effect of removing that much wind energy from the environment will reduce the total air movement around the world. With the reduction in wind currents the earth will be unable to cool itself, causing global warming. ;)
The first time I installed linux was on a 386 (Slackware 0.99) I have always run it in one form or another. I have had experiences like this and it saddens me that such a great OS gets plagued with people like this.
I am not a programmer, I am an Admin!
So I noted a problem in the game OOLite (Great game) and posted on the board that it was locking up. The response
DEV: Recompile the src with --debug load it into gdb and do a trace on the lock up. Then post the output.
ME: umm Great what is gdb and how do you use it?
DEV: NO Response!
It still locks up, oh well I just keep waiting for a new release to fix the problem.
So let me get this right, Windows viruses exploit bugs in windows to work and windows has to patch the bugs to stop the virus.
In Linux the virus uses proper programming methodology to work, exposes a bug in the 2.6.16 kernel and will not run on 2.6.16, which Linus fixes. So now the virus works across the board.
This seems to boil down to.
Windows == Oh my god a virus, quick fix the bug and stop the virus.
Linux == Hmmm, it works everywhere except on the 2.6.16 kernel. Let's fix the kernel and make it work on all linux systems.
I guess it just shows that even a well written virus on linux is no real threat.
I have been called paranoid for running my own mail server and not using one of the many free ones.
Then friends called me crazy and paranoid when I encrypted the server's HD with AES256 requiring someone to be there when the system boots.
Then they laughed when I installed the thermite packs over the drives with a kill switch that would burn the drive at the push of the button.
They giggled when I made the interface for the thermite accessible through the web so I can kill it from anywhere in the world.
Now they are calling me asking if they can use my mail server.
I am paranoid!
Just remember that the definition of paranoia is "A healthy understanding of the way the universe works"
Well I don't see a problem with it :P
But then again I paid 19$ cash for my Cell phone and buy 25$ (cash) worth of minutes each month. Untraceable, Anonymous, and Disposable, just the way a cell phone should be. I can drop the phone in the trash every 90 to 120 days and get a clean phone that is untraceable.
Learn the system, learn ways around it, and you can remain anonymous as well. :)
Let the punishment fit the crime went out with the "War on Drugs" Now it is punish the H*LL out of them and hope they do not do it again.
Example:
4oz of Pot = 25-life Years in jail
Forcing a Child to perform a sexual act on camera = 15-30 Years in Jail
1 Count of Child Molestation = 10-20 years in Jail
Murder = 25-Life Years in Jail
You will need to start by convincing management that you need the help.
#1) If you do not have one, set up a trouble ticket system and use it. This gives you the ability to track the number of jobs you are working on as well as the time you spend working on them.
#2) Generate monthly reports from it. Show the number of jobs, amount of time spent, the overall amount of down time. Categorize them into low, medium, and high issues.
Once you have a few months of this, you can show the need for help.
I have found that explaining stuff to management can be difficult. I like to use car analogies as it tends to get the point across. You should work on coming up with simple analogies to get your point across.
It will take some work, the first step is to provide them with reports that show the work you are doing. I do not know how many servers you have, but look up best practices. Several outline how many people you should have. When last I looked it was suggested that you have an admin per 35 servers.
Make sure you have the data to back up your claim of needing a computer department.