You seem to enjoy saying the word "logged". All this tells me is that you don't check those logs.
My emphasis on logging was exactly because they need to be regularly checked. Many of my users love to figure out how to get around the protections I have in place. I know there are many people out there smarter than me but I am very determined, so I have that going for me....
Just for your info smart guy, I've gotten past setups like this with ease. It's called a home server and stunnel.
I think I would catch you with the report that looks for large amounts of traffic going to home IP blocks used by broadband ISPs in my region of the country. You do have broadband right?
Honestly, I've met admins like you and you sound just like an ass.
I may also find you with the report that looks to see what users are regularly visiting asshat.com.
I get resumes from admins like you all the time and I throw them in the trash.
Being a good admin is not laying down rules and then enforcing them like a tyrant, it's making your network be usable to your users.
I would like to see how you would keep a city wide network running for 20,000 users without laying down rules and enforcing them.
I try to be a benevolent tyrant and were you in my place with your outlook you would soon be unemployed or back in the bush leagues where you belong.
And forgive me for staying on point but the question was about denying access to home email with a thread of How?. It did not ask what we do to make our networks more usable or did you not RTFA. Attention to detail and remain on task, nope. There goes the resume in the trash again.
If your network or email system is so fragile that it can't handle what could be called normal usage, perhaps you are in the wrong field. I make my networks so that the users CAN'T damage them.
I have over 8,000 High School students who disagree and many would love to test your theory.
I am sure you work in some magical place with unlimited budgets, lots of help, users who never do anything stupid and get to upgrade to the latest hardware every quarter but I live in the real world and that is how we have to do it just to keep the trains running on time.
I am sure you have special insight into what new threats are coming down the pipe and have full confidence that Microsoft, Cisco and your leet hacker skills will keep you bullet proof. I will hedge my bets and play it safe thank you very much.
Find local vendors with smart honest people. One of the big filters I use is the people I talk to must be smarter than me. This is not too high of a bar because I need to know a little about a lot of areas managing 3,500 nodes with 6 people. You can normally tell after one small project if the vendor is giving you the warm and fuzzys or the creeps.
When you find a good local vendor for a specific area rinse and repeat to find a second local or national. Work with both building a working friendship clearly laying ground rules for what is expected on both sides. If they meet their end of the deal they get rewarded with your loyal business if not they get the boot.
After five years I have several very good vendor relationships. I have the home numbers of some very good people. They know if I call them on a Saturday night it is a last resort and I have major problems and that this will only once happen every two or three years. I get above and beyond service and they expect loyalty and referrals in return. And they also know that when you order six servers you will also buy enough spare parts to almost build a seventh. They really love you when you have a failure and they are just replacing your parts stock "sure next Tuesday is fine".
In Internet terminology, a troll is a person who posts inflammatory messages on the internet, such as on online discussion forums, to disrupt discussion or to upset its participants./wiki
I could only read halfway through page two of TFA because the article was so trollish.
Self appointed experts do not like knowledgeable peasants treading on their turf.
Umm... I think you are responding to something not said. It doesn't break the DHCP server it breaks the PCs ability to pull a DHCP address.
In order to install Sophos on some new IBM XP boxes I had to remove the 30 day Norton AV that comes preinstalled. That specific step does not hose DHCP. If you also uninstall Symantec remote update thingy the PC will not pull a DHCP address, it shows 0.0.0.0. If you assign a static address networking will work. I believe the earlier poster is correct in that the update program is bound to the TCP IP stack for some reason.
Being intimately involved with technology in a K-12 public school system in New England I see this SF issue as political or massive incompetence because they are paying way too much per node. I get big discounts on almost all technology related purchases I make. I have read some good things about what is happening in Maine that I am attempting to clone in my district.
Oh the ring of keys analogy really works for me. What planet is this guy living on? I am soon implementing a program where we are going to remove the power supplies from all computers in the company and servers achieving 100% airtight, bulletproof security and reducing support costs to nothing. /sarcasm
snip/
"One of the biggest problems caused by diversity is that it become very difficult for the IT staff to maintain equal competence on all platforms. The IT staff will have to focus more resources on keeping these systems interoperating and have fewer resources available to concentrate on things like securing the site."
/snip
I would love to have my IT staff focusing on something other than the virus or patch of the week. They are getting real good at disinfecting and patching Microsoft machines.
This works both ways. I quit a good paying job and completely changed careers because my employers were "unethical bastards" several years ago. I was thought to be nuts by friends, family and coworkers. Now they think I am a genius. That company is almost gone and a tiny fraction of its former size and I am now a PHB who tries to be the anti- "unethical bastards".
Damage Studios trolling aside, any time you interview or read a resume it is your job to discriminate. Is this person the best fit for the position/team/department and admit it or not everything from where he or she has worked to the color of their socks should be evaluated.
It constantly amazes me that I get paid a lot of money to play with computers and networks all day.
Love of technology will keep you looking for work when others get discouraged. The ability to understand your employers or clients business and work flow and find technological improvements will keep you employed.
Am I the only one who is kind of happy that people are no longer using time and talent to sell dog food to the masses online?
You raise many valid possible problems but I think there is a solution. Every character ages and dies naturally or by combat. This game would not be popular with people who enjoy raising stats and skills as quickly as possible so they can lord over the land with their god like powers. I think it would be popular with others who enjoy the process of building a character more than the eventual result (weekend warriors). We have many examples of the former and few of the latter.
It will still suck big time when the character you have put months into dies but the pain would be somewhat lessened if they were going to die in another month anyway. (over 50 death matches anyone?)
When I started with my present employer about 18 months ago I was able to upgrade and reallocate six Proliant servers in two racks that were originally set up by someone who needed a few good whacks with the clue bat. I ended up with a spare 6000 and some leftover parts from the initial install two years prior. I loaded the two unused bays in the 6000 with cages, still in the box and installed the RAID controller, still in the box and bought a bunch of second hand 18Gb SCSI drives. I ended up with two 84.7Gb RAID 5 arrays to use on alternating nightly backups. During the day the nightly backup is copied to tape for off site and archival purposes. The best benefit is that except for testing I have not had to restore from tape since I implemented this and about 90% of the restores have been from the previous night's backup. Restoring from and copying to the SCSI drives is much faster than dealing with the tapes. We only back up about 40Gb a night so we have room to grow. I have lost one 18Gb drive but I still have four spares.
Don't tell anyone... Is a bad idea if you have a nice house, car or other stuff that someone may sue you for over real or imagined damages.
Buy a couple of hours with a local attorney and accountant. Every state and municipality in the US has different regulations so the advice you are getting on /. is going to be all over the map. You could do the "tell no one" plan but your personal assets will be liable without the protection of some type of corporation.
In my previous state I was up and running for less than $500. The attorney advised that zoning and association rules would not be violated if you were unable to tell I was running a business in my house and I could even use my home address. The possible problems he cited were signage and traffic. The accountant advised that it was very important to keep the business and personal monies separate and about tax strategies and their consequences.
In my current state I never made it past the attorney. The company was strictly for side work and not my main employment and I found that I would be taxed and feed out the wazoo by the state and the town. I would have to incorporate in Delaware and get a mail forwarding service and still get partially screwed by my state. So it is on the back burner for now.
If possible make your wife or mother 51% owner of the business so you can be a minority owned business. Good luck.
Very well then, you are a bulletproof hacker and I am a lowly school admin with technical and power issues. I stand corrected......
Thanks for reminding me why I quit reading slashdot.
Access Denied
I work very hard to keep the garbage out of my network and off my email server. I will not let it waltz in via somebody's home email account.
All ports blocked at the firewall for outbound traffic. You must connect to a server that is permitted to access the service you need. This access is logged.
For web traffic three proxy servers are allowed past this block for ports 80 and 443. This access is logged.
Proxy servers monitored by NetSpective web filter that is set to block web based email and known public proxies amongst other things. This access is logged. My users continually help me find new sites to block.
If you are persistent in trying to circumvent my protection I find creative ways to make your life miserable. If you are a good user and have an emergency situation a temporary exception can be granted with proper supervision.
I also have 15Mb FIOS and I get around 14.5Mb to Portland ME, Boston and New York. I drop down to only 5Mb to the west coast.
*****News Flash*****
New Hampshire Verizon customer says Randall Stephenson is full of shit.
Amen
Frankly it pisses me off that people still try to send my users mail with executable attachments.
It should not be hard it should be impossible.
I have to block anything that has a remote possibility of causing problems.
I have written email to three different scifi writers over the last several years and had brief exchanges with two and was ignored by the third.
All three were questions about the social/tech interaction in their stories and about the other possible resulting implications.
I was surprised that they responded at all.
I think I received the two replies because I was extrapolating on their ideas rather than shooting holes in them.
This yahoo forum will provide a good conduit for communication with writers, some authors will be better than others at using it.
The Japanese have a reputation for being prejudiced.
I think this is what the last comment is referring to, Japan's xenophobia.
http://www.hrdc.net/sahrdc/hrfeatures/HRF39.htm
http://www.theage.com.au/articles/2002/11/12/1037
http://www.crnjapan.com/discrimination/en/
http://www.ipsnews.net/news.asp?idnews=31436
FTA- "Unlike the private sites, most of the chat channels and news groups are open to anyone who can master their relatively arcane protocols."
Dam, I want to get on Usenet but I can't find my crystal ball. : )
It does not correct my spelling mistakes. I have become verry used to that on Google.
http://us.cnn.com/2003/EDUCATION/10/23/school.lap
http://www.middleweb.com/mw/msdiaries/02-03wklydi
http://www.govtech.net/news/news.phtml?docid=2003
Perhaps the issue is HOW technology is integrated and supported in the classroom!
MS Dos is included but not Windows 3.x.
>>Can someone name me an industry with indefinitely sustainable growth potential?
As long as the world's population continues to grow, there's at least one.
Agriculture.
Selling or supplying illegal drugs?
NWN will eventually get old
I am very intrigued by the idea of PD and I think it would add some interesting twists to an online game. IMHO you would have to structure the whole game around the PD system.
For example every character starts at the age of maturity for their specific race. Every race has a life expectancy of x years. All characters would eventually die of old age. The character would have a y% chance of dying of old age relating to the +/- factor of x. A much lower factor of dying from accident or disease could also be added. Some stats would be raised or lowered depending on the relationship to x. DEX decreases and WSD increases the closer you get to x.
Races with longer life expectancy would gain xp slower than short lived races. You could have a system where after you reach a specific xp threshold you could create another character who is heir to the older character. This new character would inherit all of the banked stuff from the dying character.
I would be interested to see what type of player community developed around this type of game. I would hope that it would lower the ratio of l33t d00dz.
And...
Do some research before the meeting. What is the state of technology in the school? Could you help repair school equipment, maintain web pages or tutor kids in the elementary school? Read the district's acceptable use policy to get a sense of where they stand on issues such as security, piracy and the like. It should be on the school's or the district's web site.
Their main concern will be that they are turning hackers loose on the network. Be prepared to convince the administration that you have not crossed over to the dark side and that you will use your powers for good. Good luck.
Police cars cordon off a modest home on a suburban street in Michigan, sirens blaring, lights flashing, helicopters thumping overhead.
Then you hear a voice through a bullhorn:
Come out with your hands up. Put the Linksys down and walk toward me slowly.
It depends on what the definition of "is" is.