For that matter, do you know your cell phone's OS? (Can you edit and audit it?) How about your microwave, your car?
I guess you *can* chuck your CPU, drives, microwave, your car, your cellphone, and only go with open source and hardware that you can manually figure out "when it breaks", or you can leave some things sealed "because they work", and have other things open "to fix or replace by qualified people when they're broken".
All that being said (and you did bring up a car analogy on slashdot), if you don't actually know how to operate a simple welding torch, maybe you shouldn't be trying to open your car hood, and the people that *do* know how to operate a torch are those people who should be doing those repairs.
When I see pen-test as a career, that's generally a heads-up for me that a person doesn't really have any idea what they're doing. They're script-kiddies, nothing more.
OTOH, if somebody writes exploits, and detection scripts (snort's a good place to start), that tells me that they're not sitting around running nmap and expecting to be paid for it.
You'll still want the gearbox in there, just a generator that adapts to wider range of speed.
Gearboxes take lower-speed, higher torque, and turn it into higher-speed, lower torque.
While removing the simple (extremely so) gearbox seems attractive, replacing the few moving parts that make up a turbine's gear box, and using a bunch of moving electronics, is a maintenance nightmare.
Basically, it's the same problem as Hydraulics, only they're hoping that by calling it a "Generator", they can hand wave and ignore that fact that their proposed design adds insane amounts of Things That Can Break(TM).
What do: Geocities, Blogger, Myspace, *chan, slashdot, and MediaWiki all have in common? None of them do anything that can't actually be done with a text editor and hosting space.... and a fair bit of clue.
I'm afraid it does. I'm talking about the requirement to mark your ballot in privacy away from anyone who may be trying to influence your vote.
Dude, if your bathroom door doesn't have a lock, or there are other barriers to privacy in your own home, being "pressured by outsiders" for a vote is not your biggest problem.
"1) Most employers want five years of recent, verifiable, full-time, professional experience. That would be an awful lot of time to volunteer."
Please don't become a parent. That takes about 18 years. If you can't even commit a paltry, pathetic, five years to a project, why even bother hiring you? You'll be out the door too soon to really matter. I'll assume you're young, and know nothing about dedicating your life to your work, so "five years" is big. Maybe, as you get older, you might see why 30, or even 50, years of dedication and work matters.
Known challenge-response keys are not the same as a final encrypted signature/key exchange.
Think of it as having caller ID on a traditional modem, where caller ID technology can be (and has been) spoofed: the first layer of challenge only response gets you to... the second layer. The first layer, by itself, filters out a massive number of brute-force war-dialer script-kiddy attacks before they can even *make* it to the second layer.
Since over-doing car analogies is popular here, I'll go with "garage door". Garage doors are very easy to hack (see: crowbar), but they still don't get you access into a car once inside a garage. It's called layered defense.
Yes, layered defense is still penetrable, but there's a pretty well proven argument/reason reason for the layers.
The difference is that when an FM Pro app starts flaking out (public school systems are just eaten up with FM Pro deployments that got too big for their britches) there isn't a "big brother" product to easily transition to that scales.
I've scaled FMP out quite nicely, actually. I think the problem you're more likely running into is one where poor database design and implementation does not scale, regardless of the engine used. Since you mentioned school systems, here's some examples of particular design and implementation mistakes I've run into in that environment.
Keeping all student records in one table, in perpetuity, so the engine has to slog through records from 10 years ago to find today's current students.
Keeping all records, for all tasks, on one DB machine, in one set of tables, rather than using separate machines (why should the student attendance records *always* be on the same machine as the cafeteria menu, the janitorial schedule, the PTA newsletter, and the 2001 teacher vacation sign-up sheet?)
The BigTable. Everybody who's worked in cleaning up poor DB design knows this one, the freaking huge table that stores *everything*. As text fields, of course. With no relational links.
These simple design gotchas can be made with *any* db engine, and are often made by inexperienced designers. Easy and fun is setting up the basics, and when it gets slow, paying some geek (or finding a young volunteer who needs to pad their resume) to re-engineer the system.
Of course, there are an awful lot of inexperienced db admins out there, who have only worked with scaling one or two kinds of db engines, and thus lack the history of "scaling" back when 30Hz and 64Mb of RAM was the maximum per desktop (and thus lack the tao of partitioning zen), or are used to using their "clustering tools" (and thus lack the tao of systems connections zen), or any other number of failings which prevent them from understanding how to actually scale something really big.
If you're applying for a job as a DBA (or are the chief teacher/DBA for a school system), and you don't understand how DNS scales, well.... there ya go.;)
We used to have UUCP, so hundreds, even thousands, of emails could burst, making long distance email cheap....Wait, we still do.
We used to have burst radio connections, that could run off of a mobile platform, making it nightmarish to triangulate....Wait, we still do.
We used to have an internet, pre CIDR, and the IPv6 initiatives, where the whole fabric of the internet wasn't stoppable as a single netblock....Wait. Aw, SHIT!
Most of the comments I've read so far seem to be in favour of Spamhaus, and while I agree that they do some good work, they are not all good. Specifically, they seem over keen to blacklist address ranges without providing any proof, and very reluctant to unblock these.
You have it backwards. They have no reason, no burden of proof, to pick apart your network to discover which parts of your network you are allowing to systematically abuse the internet.
I work for an ISP providing dedicated server hosting & colocation. Recently a couple of our customers contacted us saying that they had appeared on the Spamhaus blacklist, and were consequently having trouble sending e-mails. They claimed that they had not involved in any spamming activities, and that this listing was therefore incorrect. We found out that Spamhaus had blacklisted a range of our IP addresses (specifically a/27 subnet), and their explanation was that we were hosting someone from their ROKSO list.
Exactly as it should be. If you are allowing sexual predators to use your apartment complex in some way to victimize children, don't be surprised when the neighborhood shuns the nuns living in the same complex.
While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities.
Lovely, so, as long as he was only using your apartment complex to molest children elsewhere, that's just dandy by you?
Apparently, since Steve came back, he's spent most of his time at Apple.... being nostalgic.
Desktop Switching? Mac, 1986
Tiny desktop mini-apps (Dashboard or desk accessories)? Mac, 1983
Simple, but unexpandable, "appliance" design? Mac, 1983
Meta data about files? Resources forks are so 1983.
What *has* steve brought to the table?
Not a single Isreali citizen would have had to die if the IDF didn't insist on setting up operations in the center of residential neighborhoods, launching missile and bomb strikes from their cities, and overall using civillians as human shields?
Are you seriuously suggesting that the IDF shouldn't be patrolling cities in Israel? That they should all just camp out in the desert, so they wouldn't be using the general public as "human shields"?
It appears there are idiots on both sides thouroughly taken in by propaganda.
Both Hezbollah and the IDF sleep with bombs, and civillians on both sides sleep in bomb sheleters.
Slashdot Mirror
Does access to the books require a cart, driven by a buggy whip, as well?
They'd like the sales taxes for your regional affiliate/salesstaff.
Do you use sealed CPU's? How about hard drives?
For that matter, do you know your cell phone's OS? (Can you edit and audit it?) How about your microwave, your car?
I guess you *can* chuck your CPU, drives, microwave, your car, your cellphone, and only go with open source and hardware that you can manually figure out "when it breaks", or you can leave some things sealed "because they work", and have other things open "to fix or replace by qualified people when they're broken".
All that being said (and you did bring up a car analogy on slashdot), if you don't actually know how to operate a simple welding torch, maybe you shouldn't be trying to open your car hood, and the people that *do* know how to operate a torch are those people who should be doing those repairs.
When I see pen-test as a career, that's generally a heads-up for me that a person doesn't really have any idea what they're doing. They're script-kiddies, nothing more.
OTOH, if somebody writes exploits, and detection scripts (snort's a good place to start), that tells me that they're not sitting around running nmap and expecting to be paid for it.
Quite simple, really.
Gearboxes take lower-speed, higher torque, and turn it into higher-speed, lower torque.
While removing the simple (extremely so) gearbox seems attractive, replacing the few moving parts that make up a turbine's gear box, and using a bunch of moving electronics, is a maintenance nightmare.
Basically, it's the same problem as Hydraulics, only they're hoping that by calling it a "Generator", they can hand wave and ignore that fact that their proposed design adds insane amounts of Things That Can Break(TM).
What do: Geocities, Blogger, Myspace, *chan, slashdot, and MediaWiki all have in common? None of them do anything that can't actually be done with a text editor and hosting space.... and a fair bit of clue.
What they did was remove the needed "clue".
This, of course, has had some side effects.
How about a sticker that says 'I voted'. That would do as much good.
I'm afraid it does. I'm talking about the requirement to mark your ballot in privacy away from anyone who may be trying to influence your vote.
Dude, if your bathroom door doesn't have a lock, or there are other barriers to privacy in your own home, being "pressured by outsiders" for a vote is not your biggest problem.
"1) Most employers want five years of recent, verifiable, full-time, professional experience. That would be an awful lot of time to volunteer."
Please don't become a parent. That takes about 18 years. If you can't even commit a paltry, pathetic, five years to a project, why even bother hiring you? You'll be out the door too soon to really matter. I'll assume you're young, and know nothing about dedicating your life to your work, so "five years" is big. Maybe, as you get older, you might see why 30, or even 50, years of dedication and work matters.
Think of it as having caller ID on a traditional modem, where caller ID technology can be (and has been) spoofed: the first layer of challenge only response gets you to... the second layer. The first layer, by itself, filters out a massive number of brute-force war-dialer script-kiddy attacks before they can even *make* it to the second layer.
Since over-doing car analogies is popular here, I'll go with "garage door". Garage doors are very easy to hack (see: crowbar), but they still don't get you access into a car once inside a garage. It's called layered defense.
Yes, layered defense is still penetrable, but there's a pretty well proven argument/reason reason for the layers.
"Our as well as the future of our children depends on these IQ tests." http://www.iqleague.com/iq-test-mensa
http://www.army.mil/-news/2008/04/02/8265-phishing-e-mail-to-mwr-patrons-turns-out-to-be-army-exercise/ 10,000 mails sent, 3,000 visitors to the site (enough to gather IP addies, browser agents, etc.).
Don't have to kill a tank, or a gunship, if you can kill the driver.
I've scaled FMP out quite nicely, actually. I think the problem you're more likely running into is one where poor database design and implementation does not scale, regardless of the engine used. Since you mentioned school systems, here's some examples of particular design and implementation mistakes I've run into in that environment.
- Keeping all student records in one table, in perpetuity, so the engine has to slog through records from 10 years ago to find today's current students.
- Keeping all records, for all tasks, on one DB machine, in one set of tables, rather than using separate machines (why should the student attendance records *always* be on the same machine as the cafeteria menu, the janitorial schedule, the PTA newsletter, and the 2001 teacher vacation sign-up sheet?)
- The BigTable. Everybody who's worked in cleaning up poor DB design knows this one, the freaking huge table that stores *everything*. As text fields, of course. With no relational links.
These simple design gotchas can be made with *any* db engine, and are often made by inexperienced designers. Easy and fun is setting up the basics, and when it gets slow, paying some geek (or finding a young volunteer who needs to pad their resume) to re-engineer the system.Of course, there are an awful lot of inexperienced db admins out there, who have only worked with scaling one or two kinds of db engines, and thus lack the history of "scaling" back when 30Hz and 64Mb of RAM was the maximum per desktop (and thus lack the tao of partitioning zen), or are used to using their "clustering tools" (and thus lack the tao of systems connections zen), or any other number of failings which prevent them from understanding how to actually scale something really big.
If you're applying for a job as a DBA (or are the chief teacher/DBA for a school system), and you don't understand how DNS scales, well.... there ya go.
I, for one, salute the ultimate sacrifice made by our new Underlords. R.I.P.
We used to have UUCP, so hundreds, even thousands, of emails could burst, making long distance email cheap. ...Wait, we still do.
We used to have burst radio connections, that could run off of a mobile platform, making it nightmarish to triangulate. ...Wait, we still do.
We used to have an internet, pre CIDR, and the IPv6 initiatives, where the whole fabric of the internet wasn't stoppable as a single netblock. ...Wait. Aw, SHIT!
You forgot Poland.
Sometimes time limits are good.
Most of the comments I've read so far seem to be in favour of Spamhaus, and while I agree that they do some good work, they are not all good. Specifically, they seem over keen to blacklist address ranges without providing any proof, and very reluctant to unblock these.
/27 subnet), and their explanation was that we were hosting someone from their ROKSO list.
You have it backwards. They have no reason, no burden of proof, to pick apart your network to discover which parts of your network you are allowing to systematically abuse the internet.
I work for an ISP providing dedicated server hosting & colocation. Recently a couple of our customers contacted us saying that they had appeared on the Spamhaus blacklist, and were consequently having trouble sending e-mails. They claimed that they had not involved in any spamming activities, and that this listing was therefore incorrect. We found out that Spamhaus had blacklisted a range of our IP addresses (specifically a
Exactly as it should be. If you are allowing sexual predators to use your apartment complex in some way to victimize children, don't be surprised when the neighborhood shuns the nuns living in the same complex.
While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities.
Lovely, so, as long as he was only using your apartment complex to molest children elsewhere, that's just dandy by you?
Apparently, since Steve came back, he's spent most of his time at Apple.... being nostalgic.
Desktop Switching? Mac, 1986
Tiny desktop mini-apps (Dashboard or desk accessories)? Mac, 1983
Simple, but unexpandable, "appliance" design? Mac, 1983
Meta data about files? Resources forks are so 1983.
What *has* steve brought to the table?
"The workhorse is now Java. It has unmatched support for databases, unparalleled library support."
What's really sad about the above statement is that I can't tell if the author was being serious, or intentionally outlandish.The Jesubites, Canaanites, Philistines, and Hitties might disagree.
Not a single Isreali citizen would have had to die if the IDF didn't insist on setting up operations in the center of residential neighborhoods, launching missile and bomb strikes from their cities, and overall using civillians as human shields?
Are you seriuously suggesting that the IDF shouldn't be patrolling cities in Israel? That they should all just camp out in the desert, so they wouldn't be using the general public as "human shields"?
It appears there are idiots on both sides thouroughly taken in by propaganda.
Both Hezbollah and the IDF sleep with bombs, and civillians on both sides sleep in bomb sheleters.