Slashdot Mirror


User: JWSmythe

JWSmythe's activity in the archive.

Stories
0
Comments
6,545
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,545

  1. Re:Intelligence Op on One Broken Router Takes Out Half the Internet? · · Score: 1

    I have the data. I'd have to regenerate the map. But, it's out of date, so it's not as interesting to see as a current map. :)

  2. Re:Intelligence Op on One Broken Router Takes Out Half the Internet? · · Score: 1

        Well, these are traction elevators. On loss of power or fast descent, the brakes lock, to keep it from falling. No need to engineer a solution, when you know the power will come back eventually. :)

  3. Re:Intelligence Op on One Broken Router Takes Out Half the Internet? · · Score: 1

        Since I've toured more than a handful of them, and I know of quite a few more that I've never had a need to go to, I know it's more than a handful.

        Even in a single building, there are significantly diverse networks. It's not (always) as easy as "big pipe makes big building work". Sometimes they don't use only one common meet-me room.

        You'll find that the colo buildings aren't the Internet. They are just where a lot (but not a majority) of people are. Bandwidth doesn't necessarly transit through the building, it is just a branch.

        There are some pretty boring little buildings that I've been in, with no markings on the outside, in what would normally be boring locations, except if you hang out long enough, you'll notice new fiber is being installed almost constantly. I'm not even talking about the CO's. Providers put stuff where it's useful to them.

        One provider I delt with had all their major peerings on one side of town, with only a few hosting customers. In that facility, the local telco's and cable providers all met, along with all of the Tier 1 and Tier 2 providers in the area. It was cheaper and easier for them to use this well constructed building, with easy access to the ground (not constantly cutting up sidewalks), and the ability to close private roads for new work (easier than downtown streets)

          Most of the "hosting" providers were about 10 miles away. That provider had, I believe, 3 or 4 OC48's run into the business area with the hosting providers. Some of the other Tier1 and Tier2 providers piggy backed on them. Some ran their own transport other ways. Who's who? you just need to know who to ask at the facility you're dealing with. But remember, everyone believes their facility to be the biggest and best in the world. :) You don't start getting a real grasp of it until you've worked in at least a dozen or so.

  4. Re:Intelligence Op on One Broken Router Takes Out Half the Internet? · · Score: 4, Informative

        Aw heck, someone in Nebraska is going to trip over one power cord, and shut down the Interweb. :)

        In addition to using public maps, I did a lot more research. I had my own little project going for a little while. The project was intended to monitor for faults between datacenters we had equipment in. I added the root nameservers. I also had a few other points, such as friends houses and places they had virtual hostings at.

        Simply enough, it was running traceroutes from everywhere I had control to all points in my "network". I stored what router attached to each hop in a database.

        I located each hop simply by the city it was located in. Some were easy. Some weren't so easy.

        It was fun and games with 100 routers. I was manually setting city and state locations.

        It was a little less fun when it grew to 500 routers. I wrote regular expressions to take known naming conventions and make them into city names. That sounds easy, but it gets pretty hard pretty quick.

        It was a lot less fun when the list grew to several thousand routers.

        Basically, ever time there was a routing change, I found new routers.

        I had a lot of fun using both Google Maps to show the routes (for routers that I could place in a city), and a Graphviz model of the Internet as we observed it. It was a very big map. That was only what we had observed. I doubt we even saw a very small percentage (probably less than 0.01%) of the routes.

        The map got very very very complicated. I could point out choke points. They existed, but there were also alternative routes.

        Hell, even on a single good provider, there are no good choke points. On one Tier 1 provider that I used, in a non-core city, they had 6 diverse routes with OC192's. It wasn't a matter of me trusting them when they told me. I saw the routes showing up.

        There are 4 cities in the US, where if say a big nuke hit each one, ya, the Internet would be hurting. You may not get from Provider A to Provider B, but you'd still have some connectivity within your own provider, and other peerings would start working fairly quickly. More obviously, you'd find that some sites that are hosted in one city would be inaccessible. That's why geographic and topological diversity is very important for anyone who wants to keep their stuff up and running.

        Google puts stuff out all over the place for a reason. If a route, or a dozen routes, go funky, you'll very likely still be able to reach some datacenter.

        My office is connected by 3 uplinks. They're all with different providers. The odds of a provider outage killing the office is pretty slim. Other things can happen though. Lightning hit a transformer across the street, which serviced our building. From what people on that side of the building said, it was very pretty. :) Was our Internet connection dead? No. Well, not totally. We still had 2 uplinks working. We didn't have power for the desktops though. The UPS (a big one, not the little desktop ones) provides for the server room and a very few workstations.

        The biggest effect we saw from that outage was that cell phone service became minimal. The top of our building is also used for cell phone coverage. Without those antennas working, we only had service from the surrounding towers. It probably didn't help that there was now an office building full of people who were evacuated to the ground floor (it tripped the fire alarm), so almost everyone were on their cell phones making calls to customers, friends, family, etc.

        The most upset people were stuck in the elevator. They were already going downstairs for a smoke break, when it got stuck because those aren't backed up with anything at all.

       

  5. Re:Better analogy: Receipt number on Ontario Court Wrong About IP Addresses, Too · · Score: 1

        This is likely a jurisdictional difference.

        Plain sight as I was taught, is visible from public areas. Because they required a warrant to enter the property to start with (searching for stolen TV's) anything else is off limits. More than likely, they would use the observation (In the execution of warrant A, I observed....), and obtain a second warrant. By the time the warrant gets issued, I'm sure the hash smokers in the example would already be in handcuffs. You can be put in handcuffs for the protection of an officer. "I believed the individuals in the room may become combative, so we restrained them with handcuffs, and isolated them...." Once the second warrant is issued, it brings a whole new light to things.

        Really though, if the police were serving the warrant A, the people in the house would be pretty stupid to keep smoking and leave the door open. :) In most jurisdictions, you can demand that the full text of the warrant is read before anyone enters the property. Then again, this can vary. Like, if they know you may flush the drugs or whatever, they'll rush in, detain everyone (for safety, of course), and then serve the warrant.

  6. Re:Better analogy: Receipt number on Ontario Court Wrong About IP Addresses, Too · · Score: 1

    In the first, it was visible from a public area.

    In the second, it was only visible because they were granted limited access to a private area by court order. Court orders are very specific. Once in private areas that cannot be viewed from public areas, they are only allowed to see or look for what is specified in the warrant.

    They can arrest people in either case. Innocent people are arrested and charged all the time. (Virtually in jail is innocent, just ask them.) How it gets handled by the courts are a different matter. Because of the laws, variations of the laws by area, and proper (or improper) training of law enforcement, people are arrested and found not guilty all the time. Sometimes the difference between guilty and not guilty are just in how good your lawyers are, or sometimes in how gullible a jury is.

    Evidence can be excluded from a trial because it was obtained improperly.

    Something happened at my home last year. I can give the details of it. It was a sad natural event. It was reasonable for law enforcement to want to look around. I was offered a waiver of my rights for a warrant. If I signed, they were given unlimited rights to search the property for ANYTHING which MAY be related to the case. If I refused to sign, they would have contacted the courts for a search warrant that would have been much more specific.

    The warrant (or waiver) was a technicality. I had already given verbal permission for them to go anywhere in the house. More specifically, I offered drinks from the fridge, access to the restroom, and "anything else you may need".

    At least in my case, I had absolutely nothing to hide. My statement was absolutely in line with all of the physical evidence (i.e., I didn't lie). Officially, they did a crime scene investigation, but there was no crime, therefore no charges were brought up.

    Legally, unless there is a warrant, private property is off-limits to search and seizure. If it's a formality, or they believe you would be willing, you can be offered the waiver. Sometimes (depending on jurisdiction and opinion of the local judges) the simple question "May I look in/at ...", with a positive response, is sufficient.

    In the first example, the person never had to open the door. That was their own decision, which made the criminal acts visible by public view.

    You never, ever, ever, ever have to give a law enforcement officer permission for a search. Like, if you are stopped for a traffic violation, they cannot open the trunk of your car. They can ask, and you can say "yes", at which time you've given up your rights to privacy for that area. If you say "no", they have to have reasonable suspicion. Say you're carrying a kilo of marijuana. They can have a drug trained K-9 unit walk around the car. When it alerts to the trunk now they have reasonable suspicion. If they don't have a K-9 unit available, but have reasonable suspicion that you are transporting drugs, they can hold you at the site until they have a warrant. By refusing a search, either you do have something to hide, or you're just an ass making their jobs harder.

    Myself, I stay away from the problems. At most, I've transported a weapon or two. They are legal, and contained legally vehicle. I have been stopped for silly things, and advised the officer. It's safer that way for me. I'm not breaking any laws. I have nothing to be afraid of. If the officer goes beyond his legal rights, I may be arrested, which I will win against in court later.

    I was in a traffic accident a few days ago (another car changed lanes into me). While preparing my statement for the officer (a detailed diagram of the accident scene to avoid confusion), I left my car door open. He did look inside. There was nothing interesting to see. He did look through the tinted back window,

  7. Re:Better analogy: Receipt number on Ontario Court Wrong About IP Addresses, Too · · Score: 1

        I don't know about Canadian law, but in the US, there are some interesting variations.

        Can the police raid your house because they think there are drugs inside? No. Not without a warrant.

        Now say a police officer walks up to your house and knocks on the door. He could be there for any reason. "Have you seen anything suspicious lately?" When you open the door, he sees several kilos of what appears to be drugs, and an uzi sitting on the coffee table, can he raid the house? Yes.

        During a traffic stop, can a police officer search your car? No. Not without a warrant.

        During a traffic stop, a police officer looking through the window notices the butt of a gun sticking out from under the seat. Can he search your car? Yes.

        But, to make things more interesting...

        A police officer sees a known prostitute walking into a house. Can he raid it? No. He has no probable cause. Even if he sees through a window that the prostitute and another person inside are having adult relations, he has no way of really determining if money or other goods were exchanged for that act.

        And, a warrant is only good for what it specifies.

        "This warrant is for the residence at AAAA and any other structures on the property. The probable cause affidavit provided by officer BBBB states that because of facts C, D, and E, it is believed that FFFF will be found inside, and accessories relating to that criminal act." There's a lot more to it, but that's the basics.

        If the warrant states that stolen TV's will be found in the back room, they can only (ONLY) search the back room for stolen TV's. If they see a darkened room full of people smoking hash, which is NOT the back room, they can't touch them. Not without a probable cause affidavit and a new warrant. They can't touch, arrest, etc, etc, those people, unless there is a direct threat to the officer(s).

        Then again, to make sure the paperwork is all in line, the police will simply station officers along the property, ensuring no one leaves, and wait for a new warrant. :)

        But... All these may be different by jurisdiction. It (unfortunately) changes by judges in the district too. Just because the law is written one way, the judges may or may not have a tolerance for particular actions.

        I suspect the belief of privacy for the users IP was declared a non-truth, because it was already known that he was a pedophile, and using his internet connection to traffic child pornography, and there's already a stack of evidence on both sides of the IP issue against the defendant.

        The ownership of the IP may become irrelevant, if they have other stronger evidence. The IP itself probably wasn't the only thing they had on him, it was just a confirmation of other facts.

       

  8. Re:tl;dr on Ontario Court Wrong About IP Addresses, Too · · Score: 1

        In decimal, it's 8 to 10 digits. As an IP, it's anywhere from 4 to 12 digits.

        1.0.0.0 is 16777216 in decimal (assuming the first octet must start with at least 1, not 0, for those who will argue it)
        255.255.255.255 is 4294967295 in decimal

        They're all 32 bit numbers.

        1.0.0.0 is 00000001000000000000000000000000
        255.255.255.255 is 11111111111111111111111111111111

        So, your IP is anywhere from 4 to 32 numbers. It's all in how it's represented. :)

  9. Re:1984? on False Fact On Wikipedia Proves Itself · · Score: 1

        No single source of information should ever be used.

        Anything written will contain unintentional bias by the author(s), misreported facts, and other errors.

        A well constructed article, research paper, presentation, etc, must contain facts from a variety of sources, who do not use each other for their primary source of information. Otherwise, the conclusion will be biased by the tainted facts.

        What should *REALLY* happen, which unfortunately has been disappearing in recent years, is the whole concept of fact checkers. Did someone call his office and ask for his full name? Did some check birth records. I don't know how birth records are handled in Germany. Would they have contained the full family name as shown? There are lots of valid authoritative sources for information. Unfortunately now, people just go to Google (or whatever search engine) and do a quick search to validate their assumption or fill in a few blanks, which may be with improper information.

        This is unfortunately difficult, where some sources will not discuss matters with the press (journalist or fact checker), without a public statement. It's a breakdown in the flow of information. Assumptions must be made to fill in the blanks. Sometimes mistakes are introduced, either intentionally or accidentally, but they frequently remain uncorrected.

        My news site ran a story a while back, source from another "professional" news agency. It was about the movement of several US Naval ships. Being that it came from a trusted source, it was assumed to be fact. We received an email from the mother of one of the sailors that said something to the effect of "That ship isn't where you said. It came to it's home port two weeks ago. My son is home right now, and they have no plans to go anywhere." A bit of searching and a few phone calls later confirmed this. We printed a retraction where the original story was.

        Despite our retraction, a few days later another very unreputable pseudo-news source used us as their source, and wrapped a whole conspiracy about it, with a forward looking statement equating to World War III. Since we're all reading this, and the world isn't a dead glowing rock in space, the war didn't start, there were no nukes flying, and the world didn't end. In the minds of the unreputable pseudo-news source, we must be part of the conspiracy.

        It's fun to cherry pick facts for stories, but it doesn't make the resulting story true. Running less than the truth results in gaining a reputation for lies. I want to maintain a reputation for the truth. Of over 20,000 news stories we've run, I believe we've only needed to retract 3.

  10. Re:turn tables on How To Argue That Open Source Software Is Secure? · · Score: 5, Insightful

        An obvious one would be....

        "So, why do my non-public facing workstations constantly get viruses; my public facing Windows machines get exploited; yet my non-public facing Linux machines have no security problems; and my public facing Linux machines have never been exploited. They're all patched in accordance to the distribution guidelines."

        To appease the C-level folks, good documentation and quantification of the instances of security problems will make them happy.

        "We spent 5,000 man hours last year cleaning up exploit problems on properly patched Windows machines, yet we spent 20 hours investigating potential security problems on the open source machines and found them to be simply user error. Per machine they equate to 50 hours per Windows machine, and 0.01 hours per open source machine.

        In the last fiscal year, the TCO per machine on average, including cost of licenses, upgrade licenses, maintenance, and required security response for Windows machine was $800, while it was only $2.50 per open source machine. Hardware costs are not accounted into this, as the open source users are happy with the superior performance achieved versus the Microsoft based counterparts."

        Those numbers are just yanked out of thin air. Fill them in with the appropriate numbers for your network.

        If you can provide a brief yet complete statement like that, it won't matter what the sales minions say, you have factual data to back up your side. Scare tactics aren't as good as hard evidence. Well, except in court. Juries will believe anything if you wrap it up right.

  11. Re:Spanning Tree on Slashdot.org Self-Slashdotted · · Score: 1

        Hehehe. Really, I'm surprised no one has got it. It's been posted here for a while. The only way I can make it easier is if I said that the encryption is approved by the NSA for top secret work, with the largest keysize, and then post the password.

        If anyone ever posts (emails, tells, whatever) me, I'll change my encrypted message to something more interesting. :)

  12. Re:A tour of Slashdot... on Slashdot.org Self-Slashdotted · · Score: 1

        The unfortunate fact of remote datacenters is, there usually isn't much fun. At the old company, we had several cities, and it may be a year or so between site visits. If a machine fails, note it, and bring replacement parts on the next trip. It made a $300 plane ticket worthwhile.

        At the company I'm at now, we occasionally have helping hands do stuff, but even then, no one could live off of a 1 hr/week paycheck.

     

  13. Re:Spanning Tree on Slashdot.org Self-Slashdotted · · Score: 1

        I've seen a few machines that get really pissy about it. Only a few though. The interface is powered down until something tries to use it (like DHCP or assigning a static IP). Only then does it start to negotiate. Those will also give up after about 20 seconds.

        Even if you try to renew the IP, unless you hit it just as it's shutting down, it won't snag one.

        Really though, those machines have been unusual to see. I can't even think of which ones they were, except knowing they were the annoying ones. :)

  14. Re:A tour of Slashdot... on Slashdot.org Self-Slashdotted · · Score: 1

        Nah, sometime later this year the big one will split California from Mexico through Oregon, and make the island state previously known as SansAngeles. :)

        Now, when will they get fiber run across the gap is another questions. :)

     

  15. Re:A tour of Slashdot... on Slashdot.org Self-Slashdotted · · Score: 3, Interesting

    Nah, I used to run one of the bigger, well know publically facing clusters. It was ranked #300 by Alexa when I left over 2 years ago. What's happened since is their own fault. :)

        Actually, this wouldn't have downed that network. Every GigE circuit was individual to a city, or set of racks (depending on the site). There were no cross connects between them. Almost everything was designed so if we lost a city for any reason, it didn't hurt the site. We had connectivity outages, and even a couple brownouts that upset the power systems, but the sites were always accessible.

        Slashdot should not, under any circumstances, be hosted in one location. In my opinion, they should be at the largest continental and intercontinental peerings that they can be at.

        1 Wilshire, Los Angeles, CA - providing the west coast of the US, and the most substantial fiber links on the Pacific.

        111 8th Ave, New York, NY - providing the east coast of the US, and virtually all of the links to Europe.

        36 NE 2nd St, Miami, FL - providing the southeast US, redundancy for the Southeast US, and some fiber to Europe and S. America

        Redundant options.

        426 S LaSalle St, Chigaco, IL - providing good service to the East and West coast of the US

        55 S Market St, San Jose, CA - providing good service to the West coast of the US, and some trans-Pacific connectivity

        Some people really like Atlanta, Dallas, Houston, Las Vegas, Salt Lake City, and Vienna/Ashburn/Reston. I don't really suggest it, if you can have a presence in the better locations.

        There are some very nice global options too. I'm not sure how well the European networks have cleaned up. Several years ago, due to peering arrangements over there, most European traffic ended up going to New York and back to Europe, even though we were on one of the top Tier 1 providers. We ditched the site, and sent all of Europe to New York. Our users sent complements on our "new data center in Europe", since it was so fast. :) People like to complain, but rarely send complements. That was interesting. There are some great locations in Australia and Asia also, but ... well ... it's all in how much you want to spend.

        I know people in the Silicon Valley always scream when I suggest them as secondary, but if you've had a good look at all the major cities, you'd get over yourselves. Just because you live there, and there are expensive neighbors, it doesn't make you the center of the world.

        Slashcode would need some revamping to make work in this environment. There are lots of options there too.

        But, I'm not on the Slashdot IT team, so I don't get to make these decisions (or even give opinions).

  16. Re:Spanning Tree on Slashdot.org Self-Slashdotted · · Score: 1

    :) I'm pretty sure that's what I do. I was lazy to log in and look though, and since I don't use it all the time, I don't know it off the top of my head....

        Ok, here's one of my desktop switch ports (we all have Catalyst switches on our desks, don't we?)

    interface FastEthernet0/9
      duplex full
      speed 100
      spanning-tree portfast

        There's a nice big warning on the Cisco site about it, which describes what they had...

    Caution: Never use the PortFast feature on switch ports that connect to other switches, hubs, or routers. These connections can cause physical loops, and spanning tree must go through the full initialization procedure in these situations. A spanning tree loop can bring your network down. If you turn on PortFast for a port that is part of a physical loop, there can be a window of time when packets are continuously forwarded (and can even multiply) in such a way that the network cannot recover.

  17. Re:Spanning Tree on Slashdot.org Self-Slashdotted · · Score: 2, Interesting

        Since no one would ever make the mistake of making a loop in a datacenter, it's fairly common to disable STP, among a few other things. It makes the time bringing a machine up on a port a bit quicker. On a Cisco, you're usually looking at 30 seconds. It'll bring it down to a fraction of a second.

        And it was (obviously) a big mistake.

        I leave it on in the datacenters. I can live with 30 seconds to bring the port up, if it means I'll never flood the whole network with bogus traffic. :) The only place I've tweaked my switches for connection speed is my own desk. There's only 1 wire coming in. There's only 1 switch. It helped when I had to bring up some machines via PXE. Some of them couldn't tolerate the 30 second delay when requesting DHCP. Still, I know the degree of isolation, so I can't screw it up without running a long wire from somewhere else. :)

        But, we're just assuming. Maybe one of the switches just started generating lots and lots of traffic all on it's own. Somehow. In the mysterious locked cabinet that none of us get to see into. :)

        It's always embarrassing when things go down, and even more so when it was something that could have been prevented. They should have reported that a line card in a core switch went down, and it took that long to bring it back up. :) Come on, how many times have you heard that from your upstream providers (if you have direct connects to big providers). I swear, for as many times as I've heard the excuse, every router on their networks must have been refreshed a dozen times over. :)

        As least it's a better excuse than I used to get. I think it was "GoodNet" that would claim a train derailed every time there was an outage of some sort. "Oh a train derailed, and cut the fiber. We have technicians out there repairing it right now." Somehow we never saw the news reports of dozens of trains derailing. :)

  18. Re:Cybersecurity Chief? on Obama To Name Melissa Hathaway Cybersecurity Chief · · Score: 1

        You know, when I was starting to really ramp up towards advanced stuff, I was pretty isolated. I had a lot of online resources (sites, email, chat with knowledgeable people), but rarely did I actually talk to people in person. Some things I got right, just out of dumb luck. Some things I didn't. I pronounce Linux wrong (leye-nuhks). Around 1992, I was told to "Try out this Linux thing". Armed with a box of floppies, and no idea what I was getting myself into, I tried. (and failed, as a good newbie should). From there, for several years, it was more reading online and in books. Then in the late 90's, someone said "You're saying it wrong." Really? How do you know? "Because someone else told me". We chased it around, and finally found the famous recording of Linus saying it. Aw heck.

        There's a neat thing about language. Usually if you learn to say something wrong, you'll keep doing it for an awful long time. So I say it wrong, and usually catch myself just as I say it.

        I did see Linus' posting where he said "I don't care how you say it, as long as you use it."

        I do say SQL. I am annoyed by people who just say "Sequel" and really mean Microsoft SQL. I ask them "Which SQL", and they'll come back with the MSSQL flavor of the year. They usually get annoyed that I'll start rattling off various SQL's, and they won't quite get what I'm saying, until I get to "Oh, you mean Microsoft S Q L"

        It's not that they're ignorant, it's that they probably don't know that there are other more dominant SQL servers out there. They were given the MSDN box set by their school or employer, and told "This is the world. Learn it. Live it. Love it.", and are frequently thrown for a culture shock to find out there is a much bigger, free world out there. :)

  19. Re:Change on Obama To Name Melissa Hathaway Cybersecurity Chief · · Score: 1

        You know, I've been curious too. I went crawling around for pictures or more biography. Pretty much the same ol' stuff everywhere. She's either done a good job sanitizing her public history, or she's never done anything. I'll opt for #1.

  20. Re:Hard Drive Encryption - Theory vs. Reality on How To, When You Have To Encrypt Absolutely Everything? · · Score: 1

        But, just in case I did care...

        I found this 10" pipe wrench for $4.20 + tax and free shipping.

        Don't forget, have someone else buy it, with cash, and only ever touch it wearing gloves. You wouldn't want to leave your fingerprints on a bloodied up wrench.

        But sometimes it's worth the extra money to get a "splitting maul". Be sure to size it where you can control it. Too heavy, and you might hurt yourself, or accidentally remove something you didn't intend to you. And, it'll make cleanup that much easier. It's easy to toss bite size pieces to the fishes without being noticed. :)

  21. Re:TrueCrypt or Wait for On Drive Upgrades on How To, When You Have To Encrypt Absolutely Everything? · · Score: 1

        Nope, guess not. Replace the empty quotes with "thermorectal cryptanalysis"

  22. Re:TrueCrypt or Wait for On Drive Upgrades on How To, When You Have To Encrypt Absolutely Everything? · · Score: 1

        The May 2003 version of the Wikipedia page is easier to read. :) Less words saying the same thing. Well, it doesn't mention the " " method. (I wonder if Slashcode can handle Cyrillic.)

        An armbar and legsweep to the floor, a knee to the back of the neck, and a subtle twist to the wrist is usually enough to get information from people. When they can feel limbs being removed, they're likely to tell you anything you want, and then some. If it doesn't work, finish removing the limb, let them recover for a few days, and try again on the next limb. No one is so determined to protect their employer that they WANT to be quadriplegic.

        And, the dummy install is stupid. If the attacker knows and expects particular information, when they find bogus information, they should just be mad. What are they going to do, say "oh thanks for the info, have a nice day", and find out it's bogus later.

        I guess it all depends on who you're trying to defend from.

        The biggest security risk is still, and always will be, internal.

       

  23. Re:oh wow on David After Dentist · · Score: 1

    Children shouldn't be chemically sedated, dammit.

    He was way beyond the effects of NOS and Novocain. It must have been chemical sedation.

    Poor kid.

  24. Slip it in slowly.... on How Do I Start a University Transition To Open Source? · · Score: 1

    Like any other good idea, you have to present it so the powers that be believe it's their idea.

    Start using the free options on your own workstation.

    My workstation runs Slamd64 (Slackware for 64 bit). I use OpenOffice for all the documents people send around. Why the company directory has to be an Excel spreadsheet is beyond me. I use GIMP to edit photos. I did a beautiful job of editing a photo of Thor (from Stargate::SG1) into a photo of a datacenter hallway, and adjusted a few signs to make it look more like a secret military base. Make sure people can see you working. If you hide out in a back room, then it all becomes a mysterious thing, not something open to them.

    Get a few coworkers who are open to the idea to do the same thing.

    Mention in passing that by running open source, you didn't need any licensing, and with that you saved X (and give the equivalent in Windows based commercial software).

    You need to remind them at particular times, like when the management is working out their annual budgets, that each desk that runs open sourced software is saving money.

    You must be a shining example. Don't be caught down in single user mode. If you want to do kernel upgrades, do it after hours when no one will see.

    When someone runs into a bug or crashing problem in the commercial software, be a little flip. "Oh, you paid X for that, and it doesn't work. Here, I can do it for you on mine, it doesn't crash. Oh and mine is all free"

    When they look at the budget, see that they'll need $100,000 in new licenses, and then see that there is an option that will save $100,000, they will likely come to you for more information.

    Pushing the issue almost never helps.

    An example was a DB server that I ran once. It was a very expensive Dell server, with Solaris x86 on it. It had problems, but at least I got some practice with Solaris x86. :) They were all excited about the support. "But we can call Dell, and they'll have it fixed within 4 hours." When they day came that a drive died, it happened on a Friday night, and we didn't have a replacement until Monday. The biggest problem happened during a memory upgrade. The guy bent on using this configuration had Sun and Dell on the phone, because the upgrade wouldn't work. It turned out that this version of Solaris couldn't handle all the memory.

    I pushed him off onto one of our generic SuperMicro machines running Slackware (generic in that we had a whole bunch for serving web sites). It was faster, on cheaper equipment. The drives were IDE, where the Dell had SCSI. If a drive died, I could go to CompUSA/BestBuy/etc and pick one up cheap. Where can you just go and pick up a SCSI drive? If a server died, we'd just yank the drives, and put them into another machine.

    At the time, he insisted that SCSI was the only way to go. (save your preaching). I didn't tell him what the machine was that I migrated to. I just told him that I had a spare that I could have him up in 30 minutes on. I brought him up, and it worked perfectly. More importantly, it could use all the memory available, AND ran faster. Queries ran in about 1/10 the time, so everyone was happy.

    It wasn't a perfect solution. We only had two drives in the SuperMicro machine, and they wanted RAID5.

    We looked at the cost of the Dell. Something like $40,000. We looked at the cost of the Supermicro. $3,000. We looked at replacement cost of the Dell with newer hardware, and a newer copy of Solaris x86. High 5 digits.

    This battle took two years. Two years of me saying "But these are better and cheaper", and when they day came that I was forced to prove it, I proved it in 30 minutes. We bought a better SuperMicro 1u machine, that we could run RAID5 on (4 drive b

  25. Re:How does someone make you run Google Maps 24/7? on Privacy Group Calls Google Latitude a Real 'Danger' · · Score: 1

        On my phone (Blackberry) it runs in the background. I started it up, and hit the hangup button to go to the main streen. I didn't go back into Google Maps, and drove from work to home, and pulled it up on my home computer, and it showed my location. Well, within 5000 meters (more or less).

        Still, if you know my location within 5000 meters, and don't know what my normal destinations would be, that isn't all that helpful. Due to the luxury of various routes in and out, there isn't just one choke point to watch for me.

        If mystery agency wanted to find me based on this, they'd have to road block several heavy traffic intersections, and then conduct a house to house search of hundreds of houses and quite a bit of wooded area.

        For the casual stalker, they wouldn't have much of a chance. If I don't want to be found, I won't be. I also won't have the battery in my phone, so that won't matter much. :) If I show up on the cell phone network, it's because I want to be seen there. By the time they show up, I won't be anywhere close. :)

        Now the implant the aliens put in my head is much more accurate, but it's just so they can pick me up before the construction fleet moves the Earth for the new intergalactic highway. :)