I manage a network of a few hundred or so CentOS 4 and 5 as well as Debian Etch and Lenny machines. I'm on call this weekend and my phone is quiet. Seems like this issue really didn't impact everyone. This looks to be a non-issue for me, anyway. I see this too:
Jun 30 19:59:59 kernel: [timestamp] Clock: inserting leap second 23:59:60 UTC
Maybe it comes high in the results because it's actually what people want to search for. Come on, we all know how these search engines work, and the proposition that they have hard-coded "if Google, bump up to 3" in their algorithm's logic is just laughable. Nobody is suggesting Google is colluding with Wikipedia, even though Wikipedia "mysteriously" shows up high in the search results all the time. This is ridiculous.
Uh, then I'm deluded... that's a little extreme, to say the least, and verges on conspiracy theory if you ask me. There are security flaws of all kinds lurking in all different systems, but political entities know better than to get their hands dirty with that.
I'm surprised at how many Slashdotters here hate running their own e-mail server. Heck, from reading this thread, you'd think it was impossible.
I have Postfix running with SpamAssassin at home, and it's been stable for years now. Want to solve the problem of outbound mail not being accepted? Just use your ISP's mail server as a smarthost for outbound mail. Worried about security? Honestly, you shouldn't be; just run your distribution's stable build of whatever mail server and you should be fine. Run a quick abuse.net open relay test, and you've taken all the precautions I have. (Well, I've moved my SSH port off the default and installed fail2ban, but that should be automatic for any Linux-based server.)
Running everything on Gmail has its advantages for ease of use, but local mail has its advantages, too. I have a copy of every e-mail I've ever received. That gives me a good feeling. I can browse and search it very fast - sure, the internet is fast these days, too, but there's a small advantage.
And you can set a backup MX record with a lower priority pointing to, say, Gmail, so if you have problems with your connection at home, the mail will still go somewhere.
Yes, it's not really necessary (Gmail is fine) and can be a hassle for some, but is not as difficult as the posts in this thread would have you believe, and it's fun!
I am a sysadmin hosting Microsoft Exchange 2007 for customers at a mid-sized hosting company. We really don't have that much downtime. Probably less than a day of downtime in 5 years. Exchange really is a reliable, stable system. I say this as a Unix admin who prefers to work on Unix systems.
Okay, fine; I'll put an IIS or apache webserver directly on the internet. Are you joking?
Seriously, a firewall can do much more than just limit the number of connections. They can block based on the number of connections per second or minute and add to an abusive-hosts list for further prevention. They can be configured with a reverse Squid proxy and block based on HTTP-REFERER or whatever else the attacker is dumb enough to leave as an identifier common to all packets. DDOS is loosely defined; whatever denies service is a denial-of-service attack, not just flooding a pipe with raw bandwidth.
I work at a webhosting company and we have all kinds of success with (properly) configured firewalls.
http://www.mikemalloy.com/
Mike Malloy is sort of the liberal answer to Glenn Beck. He uses anger and rage on his show as a sort of catharsis, and it's pretty funny when he blows up against the right (or whatever passes for right-wing nowadays)... Love it, it's a fantastic radio show, everyone interested in political podcasts should check it out.
I can't believe we don't see more of this, considering the trust-based nature of BGP. I'm not saying that's a bad thing, I'm just wondering out loud why this is so unusual.
This is insane. Smart people already understand how malware works. This reminds me of Calvin's dad in Calvin and Hobbes saying "____ builds character" no matter what the thing is. Sometimes things are a negative and they're already fully understood that way. That's the way it is.
Bruce Schneier is right here; there is no need for a conference of malware developers.
He's fine; only conspiracy types would assume otherwise. The real question is, will Wikileaks get its message out and reach average people (not just geeks) and start changing minds and waking people up to things they haven't read about in the mainstream media or seen on Fixed News.. and if not, why not? What is it about our society that just continues to not be surprised by what Wikileaks reports, and not think about doing anything about it or trying to change the system?
You're absolutely right about prevention being key, and handwashing is an extremely neglected, important way to fight disease (disclaimer: of _course_ I am not any kind of doctor).
But there's nothing wrong with getting a flu shot, and it can only improve matters in the vast majority of situations. There may be circumstances where getting a shot would be unhealthy, sure.
Forcing people to get one seems like it causes other, ethical, problems, though, which I didn't mention in my post which is now modded flamebait :)
If everyone had the flu shot, there would be no more flu.
If more people have the flu shot, there will be less flu than there is now.
Install base is definitely part of it, but don't let this guy get away with the same old argument that all software is equally vulnerable given enough copies of it. Apache is extremely popular and has never had as many problems as IIS server did in the beginning. Programmers make mistakes, sure, but there's a right and a wrong way to go about designing this stuff properly from the beginning so that exploitation is minimized, or when it does happen, other factors are in place (e.g. file-system-level access control, memory protection, ...) to mitigate the breadth of damage that could be caused by a successful exploit.
This is "pull yourself up by your bootstraps" nonsense. Making concessions to women because they have children is something society has done for a long time. Society makes a lot of concessions for people, not just women, in all kinds of situations. You sound like the kind of person that doesn't need or want those concessions, but don't mix your own hubris with self-serving arguments about feminism, starting points and meritocracy.
People should be allowed to get help when trying to achieve their personal and professional goals. That's all this is about, and in the end, we'll all benefit.
It's hard to see someone do this to themselves. That might be why the comments are encouraging you to quit so much. I feel for you, but I also worked at help desk for 2 years and getting fired wasn't enjoyable. If you quit you might feel better about it.
They should somehow tap into phpBB. I'm already on some forums that generate more than twice this much bullshit every second :)
...suddenly do!
"'It's stupidity. It's worse than stupidity: it's a marketing hype campaign,' he told The Guardian. 'Somebody is saying this is inevitable - and whenever you hear somebody saying that, it's very likely to be a set of businesses campaigning to make it true.'"
It sounds like he's talking about the bailout legislation.
You could start a VNC server on a computer running applications that you'd use in your meeting, such as office applications. Then have everyone connect using a shared session. TightVNC is what I use, but the feature is standard across any VNC implementation. In the options dialog, you can "Request Shared Session."
Look, with all due respect, how is that "insightful"... it's just ad hominem. You provide no evidence to suggest she might be a bitch, just insist that if we were in your shoes, we'd agree. I'm no Hillary supporter, but that's just a derogatory personal attack, and your post should be called out as such.
My dungeon master used to bring those 4D tetrahedrons out when he felt especially mean. I still hate him for it.
Just set up https: and be done with it. If more websites did this, you'd have the same effect, and most people only visit 8-9 sites throughout the course of a normal day anyway.
That's interesting, that might be how they're doing it. I heard from some folk who claim success by encrypting the tracker communications only, by sending them over a VPN.
You'd think that's how they're doing it, but it doesn't seem to be the case. Rogers customer here, and my SFTP (FTP over SSH) connections go at full-tilt, while BitTorrent has slowed down to a crawl (0-1 KB/sec) on my connection in the past (yes, using the latest uTorrent/Azureus Vuze client, with standard BT MSE/PE encryption enabled).
I don't know what's going on, but I suspect they've already figured out something that these Italian guys are researching now, and they've been able to identify BitTorrent from other encrypted traffic.
It's a dirty job to be a penetration tester? Looks pretty cool to me. Awful to stand in a server room sandwiched between (horror!) a server rack and a wall? That's called working in a server room. And since when are support techs all patronizing idiots, and night-shifters all zombies. For the most part, at our company people treat our techs with respect. This is sensationalist BS... a lot of people would kill for any of these jobs.