Is anyone keeping a list somewhere of all the places that have folded or closed a service and have as a result left people with unusable content? This is at least the third story I've read on/. about this sort of stunt, and we've also read where DRM supporters are always saying this sort of thing never happens, I'd love to see that list stuffed in their mouth.
The exact mistake you just made will start biting people in the not-so-distant future.
OK I can convert my collection of music to MP3, good and fine, no rush right? I'll do that next week.
Meanwhile, the servers go offline. Then Murphy stops by. HD crash. Glad I have a backup. Restore backup. "Change in hardware configuration detected, contacting authentication servers to renew license.... Error, unable to contact servers. Please call Yahoo Music Store support for assistance."
You lose.
The only way to avoid this is to get a law passed that requires DRM manufacturers to put DRM unlockers in escrow somewhere and in the event that they close shop, go out of business, their servers burn down, etc, the public is given the keys so they can unlock and strip the DRM from their purchases.
assuming they catch him, which I hope they do. if he's got 2 cents of witt he had a very large wad of cash stashed somewhere that wifey got a large cut of I'm sure for smuggling him out, and he's jumped country by now.
It's also important to see the difference between a UPS and an inverter with a battery. The UPS has two important additions:
1) automatic cutover from the mains 2) recharges the battery when the mains are back
This is why UPSs are more expensive than inverters. Some UPS's have the additional feature of being able to "boost" or otherwise regulate mains power. So if the power co is providing too high or low of voltage, or line noise, it tweaks the power coming in without cutting over to the inverter.
The cutover is also an important difference between inverters. Good inverters only cut over when needed, and the cutover is totally transparent to the equipment they power.
Most modern UPSs also have a USB cable to hook to your computer to talk with the UPS software. There's an industry standard on how this communication works, (huge surprise, imho) and macs have the software built into the OS to automatically manage controlled shutdown when the batteries are about to exhaust.
But because anyone is free to obtain the iPhone SDK by signing up for it, Apple is essentially branding publicly available information as confidential. This 'puzzling contradiction' is the...
Apple has placed a restriction on the information, so that less than 100% of the public has access to it. Whether my front door has the deadbolt thrown or not does not affect whether or not my house is a public place. If I close the door, it's NOT a public place, even if anyone is free to knock on the door and get invited in. If you don't agree to put out your cigarette and refrain from smoking, you can rot on the porch for all I care, you're not coming in. And if you try to light up if I let you in, out you go!
Same thing here. This is Apple's, and they have the right to outline terms on which you can partake, just the same as I can outline how you need to behave in my house. And if you don't like the terms, you're free to stay outside.
There's nothing contradictory about it at all. Unless you consider everything public. (somehow this reminds me of the Free Rogue's Motto, "what isn't nailed down is MINE. What I can pry loose, isn't nailed down")
What I have is a Tripp-Lite SB-2000, which is an oldie but a goodie. Only link I can find now is here. It runs on 24v external power, so I just set two car batteries on top of it. Picked it up years ago for a song on ebay.
That unit though really is meant to have massive batteries on it. (looks like 24v golf cart batteries maybe, it has large binding posts on it for the external battery, there is no internal battery)
You can't just hook a car battery up to some old APC you have sitting around. It may run on it, but there are two factors to keep in mind:
1) UPS's are designed with cooling in mind. Sure you can put a monster battery on it so it has a runtime (at max output) of an hour instead of 10 minutes, but is it going to catch on fire or just plain overheat and shut down at 30 minutes in?
2) if it runs off the batteries, it has to charge them back up. The charge circuit faces the same limitations as the inverter in terms of capacity and cooling. Your UPS may run fine for 45 minutes, but then when power comes back, the charge circuit may fry after an hour of continuous load trying to bring the battery back up to full.
and of course 3) installing a larger battery doesn't affect your maximum output (watts), it only affects your maximum uptime (watt-hours)
I suppose also 4) is worth considering... not all hardware LIKES to run off a UPS. The power tends to be kinda nasty. I don't even want to know what my old tripp-lite puts out for power but I'm pretty sure it's very dirty. Fortunately all the hardware that's on it doesn't seem to mind. (yet) The longer you run something on a UPS, the more likely you are to damage it if it's not tolerant. I once tried placing a harmonic filter on my tripp-lite. Worked like a charm, put out a nearly perfect and clean sine wave. For about 6 minutes. Then it smoked. The power was simply too nasty for it to filter. Newer UPSs of course do better here. They usually advertise a "modified sine wave", same as you see stamped on inverters.
Final note: no, you cannot stack UPS's. The line filters on modern UPS's don't like the power coming from a UPS and will switch on when the upstream UPS turns on.
Last night we had a power outage. I shut down the desktop and was able to continue working for almost 2 hours on the laptop because with the Desktop down the UPS was only carrying the DSL router and the WiFi box.
good uptime for a laptop. got a second battery? (I know I do)
Inverters for the Servers. (DC PSUs are available for some of the servers we use but at so high a premium that the inverters are cheaper.)
that's because it just has to invert it before it can step it up or down. If you supply DC you are actually introducing another necessary step. It gets hard to cram 2x the electronics into the PS. Inverters are definitely the way to go.
We can handle a dozen Power cuts in a day with no service interruption or data loss ("Tested" 2 weeks ago) and we can stay up without external power for more than a week. After that we have to start trucking in additional diesel.
Yep. That's right. With sufficient fuel we can be online indefinably. Which we will have to do if we get hit by a major hurricane.
Might want to rethink how easy it is to get a truck in during a hurricane.;) Unless it's more of a boat, think Katrina.
Imagine a server, where UPS #2 is down for repairs, UPS #1 fails during a power cut, When everything comes back up we find 2 failed hard drives in the RAID 5 on the email server. despite previous testing and confirmation that the backups work the most recent tapes failed to read.
um, ouch?
Best advise? Memorize all your important data. That way if you loose your mind, you are not responsible for the lost Data (or anything else).
Was going to say, all of the above is moot if an EF5 rolls through town. Better add "offsite backup" to your list if it's not already there. With the EF5 that ran through here last month, some people got their backups turned into "offsite" backups. (maintenance guy was here last week, said they are still looking for their dump truck)
Linux software RAID, and any RAID basically, needs to know if the disks of the array are still properly matched to eachother when the array is initialized. When power fails, or when you press reset, they will be in a "dirty" state, and the system may need to recreate the array. That is, if it can. I've never tried it, but I can imagine that a RAID0 can be completely destroyed by a power failure. But, don't take my word for that...
One way is if the partition table and drivers on one slice gets trashed, and the first few meg of the data partition (directory mostly) get trashed on the other slice, by the same event that also happens to hang the computer.
You have no idea how unpleasant it is to reconstruct a partition table from scratch and reinstall firewire driver partitions using DD. It didn't BOOT, but I was able to bribe it to mount and copy the data off.
Pressure implies energy, but not as heat. When you allow matter to expand, say to double its size, it still contains the same amount of heat overall, but now it's spread among a volume twice the original size. This is why a CO2 cylinder full of liquid CO2, at room temp, chills rapidly if you start dumping out the CO2. Heat energy is carried out of the tank which drops the temperature of the tank. It got colder not because it lost pressure, but because some of the mass containing the heat energy left, and the remaining mass is occupying the same volume as before, so the average heat energy per volume drops.
A fridge works by this. Compress a coolant and it increases its heat density. Temperature is essentially multiplied as the area is divided. This becomes very easy to bleed off in a radiator because of the high temp difference between it and the surrounding air.
Then let it bleed down into a low pressure coil, and what had dropped to room temp on average (or near there) now starts dividing its remaining heat among the expanded liquid/gas, and the average temp drops below room temp. This cools the inside of the fridge because heat is absorbed by the expanded coolant and warms the coolant up. The compressor pulls in the low pressure coolant and compresses it again, and the cycle repeats.
Not sure why they use freon/r142, probably because of it having the most favorable qualities in this process. (being a liquid/gas at convenient temps/pressures for this compress/expand process)
The only reason the hot coils feel hot compared to the cold coils is because there's a lot more coolant in the hot coils than in the cool ones, volume-wise. They both may have the same energy per mass, but since the hot coils may have 10x the coolant in the same space as the cold coils, it appears that by compressing them they got hotter. They did get hotter to the touch, but they didn't increase their energy, they just concentrated it.
assuming they don't mark up any of the charges on the bill (kinda shows if you mark up the tax) they have to put "profit" in there somewhere. The recovery cost looks like their margin in disguise.
As for why they don't roll it all into one number, the govt requires them to spell out most of the things that go into the bill, so they have nowhere to hide the profit at. So there it is.
Although the test does run itself from time to time, it's the handling of the situation that's more important. How many times have you heard "this happens every time Joe goes on vacation!" or how many times have you seen people have to work-ahead for the entire week before they leave so the entire line doesn't collapse by Wednesday? This indicates the test is being made but nobody cares about the results. Unfortunately, this is more often the rule than the exception. It's really easy to find someone in any organization that the rest of the staff really regret when they take time off, and that should be a big red flag, but somehow it never is.
Any boss that is double checking with you that you have your pager/cell phone on while you're on vacation is ignoring the problem. A good manager expects you to be reachable, but not easily reachable, and doesn't make it sound like something that should have to happen, and makes adjustments in the event you have to be called at home, so that it's less likely to happen again.
In any event, at the very least, calls home while on vacation/sick should always go through your manager. Your manager should be the one to call, IM, or email you. That way, at least they understand the scope of the problem. If you get sporadic IMs several times a day all week from your coworkers, your boss may not even realize there is a problem. If I get a call while I'm off work, it better be from my manager. If it's not, I will refuse to answer and tell them to have the boss call me. They don't LIKE it, but it's necessary, and it motivates my manager to do something about it. (especially if this means HIM getting called at home to call ME) This also has the side-effect of forcing otherwise lazy ("I don't know, I give up! Call Joe!") coworkers to learn how to be independent and find information when it's not right at their fingertips. When people DO get hit by a bus, the staff have to momentarily become much more resourceful, so they best be prepared.
This all depends on who accepts it when. If when Childs started his lockdown, he was under the watch of a manager that either didn't care, or agreed with him, and so he did as he pleased.
A lot of IT organizations have a single person that is the core, the one person that has comprehensive knowledge of all systems and fully understands how they interact. These are the people that are brought in on any major problem or decision, and whose input counts more than double. (and often simply hold "veto power") Now I'm not saying this is a good thing, I'm just saying it happens from time to time and you have to accept that. Some systems just evolve in this direction, and once they get past a certain point, it becomes very hard to change them.
There IS one easy way to solve these problems, but it involves the managers taking a walk out on a shaky limb and take some heat. One example is a week of paid leave. On Monday Joe's manager announces "Joe is on paid leave effective immediately. (no warning to Joe OR the staff in advance of this) Go home Joe, see you in a week and enjoy your paid time off, courtesy of the company." Then, "OK for the next week you are on your own. NO ONE is to call, page, IM, email, or otherwise contact Joe for ANY REASON. Joe got hit by a bus this morning on the way to work, that's how you will behave. You are to keep written track of every problem you run into this week that you would normally rely on Joe to help with. Do not simply shelve problems for next week - treat them like Joe is never coming back." Any critical questions you bring to ME, and I will call Joe if it's really necessary, but I will not be happy about it, and be prepared to justify to me that you've already tried everything else possible. If I find someone is hiding problems for next week there will be serious disciplinary action taken.
Needless to say, when Joe gets back on Monday, the next 2-4 weeks will probably be planned out, documenting things and teaching people how to do stuff. You could also make this a two week leave depending on your situation. If you're a big organization, the longer the better, but at the worst three weeks will shake out most of the bugs. This also gives the managers a very clear picture of how well distributed knowledge is within the department. You've probably heard someone say "but what if you got hit by a bus tomorrow?" when discussing something you are the only one that knows how to do. Now you get answers. We call this the "hit by a bus test". Any decently sized IT department with one central person should conduct this test periodically, say every two years. The first one should be a gimme. If on the second test, things have not improved over the first, time to take disciplinary action. Letting one of your staff continue to hold the keys to the kingdom is unacceptable and is everybody's fault to some degree.
One would think they would prefer cuba to use US lines, because that would be much easier to tap than someone else's line to Venezuela.
We may soon see a reversal in the policy. "Well, if you're going to find a way around the embargo, here why don't you use this line, we've got one all set up and ready for you."
oh sorry that's an advanced feature not included in your OS.;)
It's a password manager of sorts built into the system. When you login, it uses the (cleartext rehashed) login password to automatically gain access to the keys it encrypts. Those keys are given to system processes that have been previously granted access to those particular entries. (like when you try to read your mail, the email program gets your POP password from the keychain, which the keychain has been told that app is allowed to request without prompts)
If you force reset the login password, the keychain cannot be unlocked (decrypted) and there is no fix for that. You have to delete the keychain and make a new one. Any passwords in the keychain are unrecoverable.
So merely resetting the user's password may not solve all your problems. If there's an administrative app that the user runs, that logs into the server to change configs, that password is probably in the keychain. So if you knew the user's password, you could login as them and immediately get on the server to work with it because the password would be filled in for you. Force-reset the user's password and login, and when you try to connect to the server it's going to ask you for the pw since it can't get it out of the keychain.
More technical detail: the keychain entries are encrypted using a randomly generated key. THAT key is encrypted using your hashed login password and stored in the keychain header. This makes it very simple to change your login password (normally while logged in) because the system merely decrypts the keychain key using your old password, re-encrypts using your new login password, and updates the header in the keychain with the newly hashed key.
Things get more complicated if you have filevault enabled, because the entire user's home folder is in a similarly encrypted r/w disk image. Force reasetting that user's login password will just cause the system to request the vault's password when you go to login. If you don't know that, well you don't have ~. That one has a safety on it though, it has a second encrypted copy of the true key in the header, encrypted using the master password assigned by the admin, so in case you forget your password the admin can reset the password for you. (but still cannot recover your keychain)
What I don't understand is I've read several times recently that they have a mockup lander that they run ALL commands through to make sure they will work as intended, before uploading instructions.
So why wasn't this problem caught before it was sent to the lander? Sounds like they are covering up for someone taking a shortcut and getting bitten as a result.
merely being able to login doesn't necessarily help things. If the data the system relies on is encrypted and gets decrypted by you keychain when you login, you can reset the login pw sure, but then the keychain doesn't unlock and you don't get the keys to the kingdom. There is no resetting a keychain password besides dragging it to the trash and doing a File... New...
Slashdot Mirror
the url in your sig is forbidden (403)
Is anyone keeping a list somewhere of all the places that have folded or closed a service and have as a result left people with unusable content? This is at least the third story I've read on /. about this sort of stunt, and we've also read where DRM supporters are always saying this sort of thing never happens, I'd love to see that list stuffed in their mouth.
The exact mistake you just made will start biting people in the not-so-distant future.
OK I can convert my collection of music to MP3, good and fine, no rush right? I'll do that next week.
Meanwhile, the servers go offline. Then Murphy stops by. HD crash. Glad I have a backup. Restore backup. "Change in hardware configuration detected, contacting authentication servers to renew license.... Error, unable to contact servers. Please call Yahoo Music Store support for assistance."
You lose.
The only way to avoid this is to get a law passed that requires DRM manufacturers to put DRM unlockers in escrow somewhere and in the event that they close shop, go out of business, their servers burn down, etc, the public is given the keys so they can unlock and strip the DRM from their purchases.
assuming they catch him, which I hope they do. if he's got 2 cents of witt he had a very large wad of cash stashed somewhere that wifey got a large cut of I'm sure for smuggling him out, and he's jumped country by now.
It's also important to see the difference between a UPS and an inverter with a battery. The UPS has two important additions:
1) automatic cutover from the mains
2) recharges the battery when the mains are back
This is why UPSs are more expensive than inverters. Some UPS's have the additional feature of being able to "boost" or otherwise regulate mains power. So if the power co is providing too high or low of voltage, or line noise, it tweaks the power coming in without cutting over to the inverter.
The cutover is also an important difference between inverters. Good inverters only cut over when needed, and the cutover is totally transparent to the equipment they power.
Most modern UPSs also have a USB cable to hook to your computer to talk with the UPS software. There's an industry standard on how this communication works, (huge surprise, imho) and macs have the software built into the OS to automatically manage controlled shutdown when the batteries are about to exhaust.
But because anyone is free to obtain the iPhone SDK by signing up for it, Apple is essentially branding publicly available information as confidential. This 'puzzling contradiction' is the...
Apple has placed a restriction on the information, so that less than 100% of the public has access to it. Whether my front door has the deadbolt thrown or not does not affect whether or not my house is a public place. If I close the door, it's NOT a public place, even if anyone is free to knock on the door and get invited in. If you don't agree to put out your cigarette and refrain from smoking, you can rot on the porch for all I care, you're not coming in. And if you try to light up if I let you in, out you go!
Same thing here. This is Apple's, and they have the right to outline terms on which you can partake, just the same as I can outline how you need to behave in my house. And if you don't like the terms, you're free to stay outside.
There's nothing contradictory about it at all. Unless you consider everything public. (somehow this reminds me of the Free Rogue's Motto, "what isn't nailed down is MINE. What I can pry loose, isn't nailed down")
What I have is a Tripp-Lite SB-2000, which is an oldie but a goodie. Only link I can find now is here. It runs on 24v external power, so I just set two car batteries on top of it. Picked it up years ago for a song on ebay.
That unit though really is meant to have massive batteries on it. (looks like 24v golf cart batteries maybe, it has large binding posts on it for the external battery, there is no internal battery)
You can't just hook a car battery up to some old APC you have sitting around. It may run on it, but there are two factors to keep in mind:
1) UPS's are designed with cooling in mind. Sure you can put a monster battery on it so it has a runtime (at max output) of an hour instead of 10 minutes, but is it going to catch on fire or just plain overheat and shut down at 30 minutes in?
2) if it runs off the batteries, it has to charge them back up. The charge circuit faces the same limitations as the inverter in terms of capacity and cooling. Your UPS may run fine for 45 minutes, but then when power comes back, the charge circuit may fry after an hour of continuous load trying to bring the battery back up to full.
and of course 3) installing a larger battery doesn't affect your maximum output (watts), it only affects your maximum uptime (watt-hours)
I suppose also 4) is worth considering... not all hardware LIKES to run off a UPS. The power tends to be kinda nasty. I don't even want to know what my old tripp-lite puts out for power but I'm pretty sure it's very dirty. Fortunately all the hardware that's on it doesn't seem to mind. (yet) The longer you run something on a UPS, the more likely you are to damage it if it's not tolerant. I once tried placing a harmonic filter on my tripp-lite. Worked like a charm, put out a nearly perfect and clean sine wave. For about 6 minutes. Then it smoked. The power was simply too nasty for it to filter. Newer UPSs of course do better here. They usually advertise a "modified sine wave", same as you see stamped on inverters.
Final note: no, you cannot stack UPS's. The line filters on modern UPS's don't like the power coming from a UPS and will switch on when the upstream UPS turns on.
Last night we had a power outage. I shut down the desktop and was able to continue working for almost 2 hours on the laptop because with the Desktop down the UPS was only carrying the DSL router and the WiFi box.
good uptime for a laptop. got a second battery? (I know I do)
Inverters for the Servers. (DC PSUs are available for some of the servers we use but at so high a premium that the inverters are cheaper.)
that's because it just has to invert it before it can step it up or down. If you supply DC you are actually introducing another necessary step. It gets hard to cram 2x the electronics into the PS. Inverters are definitely the way to go.
We can handle a dozen Power cuts in a day with no service interruption or data loss ("Tested" 2 weeks ago) and we can stay up without external power for more than a week. After that we have to start trucking in additional diesel.
Yep. That's right. With sufficient fuel we can be online indefinably. Which we will have to do if we get hit by a major hurricane.
Might want to rethink how easy it is to get a truck in during a hurricane. ;) Unless it's more of a boat, think Katrina.
Imagine a server, where UPS #2 is down for repairs, UPS #1 fails during a power cut, When everything comes back up we find 2 failed hard drives in the RAID 5 on the email server. despite previous testing and confirmation that the backups work the most recent tapes failed to read.
um, ouch?
Best advise? Memorize all your important data. That way if you loose your mind, you are not responsible for the lost Data (or anything else).
Was going to say, all of the above is moot if an EF5 rolls through town. Better add "offsite backup" to your list if it's not already there. With the EF5 that ran through here last month, some people got their backups turned into "offsite" backups. (maintenance guy was here last week, said they are still looking for their dump truck )
Graceful shutdown: you have a chance to tell your buddies that your power just went out, and you'll be coming back once it's restored.
or if they're local, you get to see them timeout one after another and disappear as you are saving your documents and committing your databases.
The main unit in the basement holds for over two hours. (has two car batteries to munch on) but that's longer than my ISP evidently.
Linux software RAID, and any RAID basically, needs to know if the disks of the array are still properly matched to eachother when the array is initialized. When power fails, or when you press reset, they will be in a "dirty" state, and the system may need to recreate the array. That is, if it can. I've never tried it, but I can imagine that a RAID0 can be completely destroyed by a power failure. But, don't take my word for that...
One way is if the partition table and drivers on one slice gets trashed, and the first few meg of the data partition (directory mostly) get trashed on the other slice, by the same event that also happens to hang the computer.
You have no idea how unpleasant it is to reconstruct a partition table from scratch and reinstall firewire driver partitions using DD. It didn't BOOT, but I was able to bribe it to mount and copy the data off.
Pressure implies energy, but not as heat. When you allow matter to expand, say to double its size, it still contains the same amount of heat overall, but now it's spread among a volume twice the original size. This is why a CO2 cylinder full of liquid CO2, at room temp, chills rapidly if you start dumping out the CO2. Heat energy is carried out of the tank which drops the temperature of the tank. It got colder not because it lost pressure, but because some of the mass containing the heat energy left, and the remaining mass is occupying the same volume as before, so the average heat energy per volume drops.
A fridge works by this. Compress a coolant and it increases its heat density. Temperature is essentially multiplied as the area is divided. This becomes very easy to bleed off in a radiator because of the high temp difference between it and the surrounding air.
Then let it bleed down into a low pressure coil, and what had dropped to room temp on average (or near there) now starts dividing its remaining heat among the expanded liquid/gas, and the average temp drops below room temp. This cools the inside of the fridge because heat is absorbed by the expanded coolant and warms the coolant up. The compressor pulls in the low pressure coolant and compresses it again, and the cycle repeats.
Not sure why they use freon/r142, probably because of it having the most favorable qualities in this process. (being a liquid/gas at convenient temps/pressures for this compress/expand process)
The only reason the hot coils feel hot compared to the cold coils is because there's a lot more coolant in the hot coils than in the cool ones, volume-wise. They both may have the same energy per mass, but since the hot coils may have 10x the coolant in the same space as the cold coils, it appears that by compressing them they got hotter. They did get hotter to the touch, but they didn't increase their energy, they just concentrated it.
assuming they don't mark up any of the charges on the bill (kinda shows if you mark up the tax) they have to put "profit" in there somewhere. The recovery cost looks like their margin in disguise.
As for why they don't roll it all into one number, the govt requires them to spell out most of the things that go into the bill, so they have nowhere to hide the profit at. So there it is.
so, how long before your ISP starts blocking use of DNS servers other than their own?
Although the test does run itself from time to time, it's the handling of the situation that's more important. How many times have you heard "this happens every time Joe goes on vacation!" or how many times have you seen people have to work-ahead for the entire week before they leave so the entire line doesn't collapse by Wednesday? This indicates the test is being made but nobody cares about the results. Unfortunately, this is more often the rule than the exception. It's really easy to find someone in any organization that the rest of the staff really regret when they take time off, and that should be a big red flag, but somehow it never is.
Any boss that is double checking with you that you have your pager/cell phone on while you're on vacation is ignoring the problem. A good manager expects you to be reachable, but not easily reachable, and doesn't make it sound like something that should have to happen, and makes adjustments in the event you have to be called at home, so that it's less likely to happen again.
In any event, at the very least, calls home while on vacation/sick should always go through your manager. Your manager should be the one to call, IM, or email you. That way, at least they understand the scope of the problem. If you get sporadic IMs several times a day all week from your coworkers, your boss may not even realize there is a problem. If I get a call while I'm off work, it better be from my manager. If it's not, I will refuse to answer and tell them to have the boss call me. They don't LIKE it, but it's necessary, and it motivates my manager to do something about it. (especially if this means HIM getting called at home to call ME) This also has the side-effect of forcing otherwise lazy ("I don't know, I give up! Call Joe!") coworkers to learn how to be independent and find information when it's not right at their fingertips. When people DO get hit by a bus, the staff have to momentarily become much more resourceful, so they best be prepared.
This all depends on who accepts it when. If when Childs started his lockdown, he was under the watch of a manager that either didn't care, or agreed with him, and so he did as he pleased.
A lot of IT organizations have a single person that is the core, the one person that has comprehensive knowledge of all systems and fully understands how they interact. These are the people that are brought in on any major problem or decision, and whose input counts more than double. (and often simply hold "veto power") Now I'm not saying this is a good thing, I'm just saying it happens from time to time and you have to accept that. Some systems just evolve in this direction, and once they get past a certain point, it becomes very hard to change them.
There IS one easy way to solve these problems, but it involves the managers taking a walk out on a shaky limb and take some heat. One example is a week of paid leave. On Monday Joe's manager announces "Joe is on paid leave effective immediately. (no warning to Joe OR the staff in advance of this) Go home Joe, see you in a week and enjoy your paid time off, courtesy of the company." Then, "OK for the next week you are on your own. NO ONE is to call, page, IM, email, or otherwise contact Joe for ANY REASON. Joe got hit by a bus this morning on the way to work, that's how you will behave. You are to keep written track of every problem you run into this week that you would normally rely on Joe to help with. Do not simply shelve problems for next week - treat them like Joe is never coming back." Any critical questions you bring to ME, and I will call Joe if it's really necessary, but I will not be happy about it, and be prepared to justify to me that you've already tried everything else possible. If I find someone is hiding problems for next week there will be serious disciplinary action taken.
Needless to say, when Joe gets back on Monday, the next 2-4 weeks will probably be planned out, documenting things and teaching people how to do stuff. You could also make this a two week leave depending on your situation. If you're a big organization, the longer the better, but at the worst three weeks will shake out most of the bugs. This also gives the managers a very clear picture of how well distributed knowledge is within the department. You've probably heard someone say "but what if you got hit by a bus tomorrow?" when discussing something you are the only one that knows how to do. Now you get answers. We call this the "hit by a bus test". Any decently sized IT department with one central person should conduct this test periodically, say every two years. The first one should be a gimme. If on the second test, things have not improved over the first, time to take disciplinary action. Letting one of your staff continue to hold the keys to the kingdom is unacceptable and is everybody's fault to some degree.
I always wondered why stuff always sticks to one of my sweaters..
One would think they would prefer cuba to use US lines, because that would be much easier to tap than someone else's line to Venezuela.
We may soon see a reversal in the policy. "Well, if you're going to find a way around the embargo, here why don't you use this line, we've got one all set up and ready for you."
oh sorry that's an advanced feature not included in your OS. ;)
It's a password manager of sorts built into the system. When you login, it uses the (cleartext rehashed) login password to automatically gain access to the keys it encrypts. Those keys are given to system processes that have been previously granted access to those particular entries. (like when you try to read your mail, the email program gets your POP password from the keychain, which the keychain has been told that app is allowed to request without prompts)
If you force reset the login password, the keychain cannot be unlocked (decrypted) and there is no fix for that. You have to delete the keychain and make a new one. Any passwords in the keychain are unrecoverable.
So merely resetting the user's password may not solve all your problems. If there's an administrative app that the user runs, that logs into the server to change configs, that password is probably in the keychain. So if you knew the user's password, you could login as them and immediately get on the server to work with it because the password would be filled in for you. Force-reset the user's password and login, and when you try to connect to the server it's going to ask you for the pw since it can't get it out of the keychain.
More technical detail: the keychain entries are encrypted using a randomly generated key. THAT key is encrypted using your hashed login password and stored in the keychain header. This makes it very simple to change your login password (normally while logged in) because the system merely decrypts the keychain key using your old password, re-encrypts using your new login password, and updates the header in the keychain with the newly hashed key.
Things get more complicated if you have filevault enabled, because the entire user's home folder is in a similarly encrypted r/w disk image. Force reasetting that user's login password will just cause the system to request the vault's password when you go to login. If you don't know that, well you don't have ~. That one has a safety on it though, it has a second encrypted copy of the true key in the header, encrypted using the master password assigned by the admin, so in case you forget your password the admin can reset the password for you. (but still cannot recover your keychain)
What I don't understand is I've read several times recently that they have a mockup lander that they run ALL commands through to make sure they will work as intended, before uploading instructions.
So why wasn't this problem caught before it was sent to the lander? Sounds like they are covering up for someone taking a shortcut and getting bitten as a result.
does that address the problem of bit clumping?
get it in writing
get it in writing
get it in writing
that immediately brings up an image of Scotty saying, "...or should I just hit the 'delete' key?"
This assumes you have a VPN or there's something facing outward.
Keys are no good if you can't reach the lock.
merely being able to login doesn't necessarily help things. If the data the system relies on is encrypted and gets decrypted by you keychain when you login, you can reset the login pw sure, but then the keychain doesn't unlock and you don't get the keys to the kingdom. There is no resetting a keychain password besides dragging it to the trash and doing a File... New...
But yes.. physical access to a device trumps all
NO.
If I have en encrypted home folder, you are going to have to toss in a lot of hours to fill in your hand.