God, I hate self-possessed tards who don't appreciate the work that other people do, and don't know what an OC3 or a metro-area disaster recovery plan is.
Jackass, I was bringing up OC3s when you were playing Xbox with your buddies after junior high let out.
As for your "metro area recovery plan", the best plan is to GET THE HELL OUT OF TOWN. These people are NON-ESSENTIAL. Bell South is plenty capable of bringing commo to City Hall without help from these guys. By remaining in their office, they are putting themselves at risk and, potentially, soldier/police officer lives at risk when they need to be rescued.
For someone with such a low UserID and who, apparently, has been around here for a long time, I'm surprised that you don't understand the importance of keeping telephone lines up in emergency situations.
Again, leave this to the pros (Bell South). Two guys in an office building with some clean underwear and .45ACP ammo is not going to make a real difference.
Seriously, why is everybody so interested in some geek hanging out in an office (that looks fairly clean and lit), while there are people dying like flies all around him? Why is this guy wasting diesel fuel to run his OC3s? How about surrendering his fuel and office to the government/military/Red Cross so that someone can utilize these resources to save lives?
God, I hate bloggers.
My company has been blocking foreign IP space for years. We are a retail outfit and we don't do business with China, Southeast Asia, South America, the Persian Gulf, Africa, or former Eastern Bloc nations. So, consequently, our mail servers block these guys. I use lists from the now-deceased blackholes.us site, plus other netblocks that I have culled on my own. Since blackholes.us is no longer operational, you can download my archive of these lists from me: http://saba.island.nu/blackholes/
Remember, this is a war that Bush decided he could start without the need for Congress to declare it.
Yes, jackass, our Constitution gives the President that power. Clinton went into Somalia without Congressional declaration of war. Kennedy and Johnson sent troops to Vietnam without Congressional declaration of war.
Don't blame Congressional decisions on Bush. He didn't make them, Congress did.
I have a fundamental problem taxing people in North Dakota and Virginia to pay for protection for people who built homes below sea level.
Yeah, why should North Dakotans pay! They know better than to build houses in places that flood!
Wonder if Congress will look into this?
Why? They already know what happened! Congress, not Bush, was responsible for cutting the funding.
Here's a very simple solution to your problem. Take n servers (where n is the number of DB machines you have) and evenly split your user accounts across them. Then, use a simple hash table in your application to determine the server from which to query. Example:
Account Names    Server
a-c              db01
d-g              db02
h-j              db03
...
The key is to choose your boundaries so that each DB server holds a roughly equal number of accounts.
If you have a really, really busy database, you could split this across twenty or more servers, where each server is actually a cluster of machines doing replication.
Chris
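Added example, not part of the original comment: the lookup described above as a sorted-boundary search, with boundaries picked from the account list so each server gets an equal share. The sample account names and the function names are constructed for illustration; `db01` to `db03` come from the comment's table.

```python
import bisect

SERVERS = ["db01", "db02", "db03"]  # server names from the comment's table

def choose_boundaries(account_names, n_servers):
    """Return n_servers-1 split keys that give each server an equal share."""
    names = sorted(name.lower() for name in account_names)
    if len(names) < n_servers:
        raise ValueError("need at least one account per server")
    return [names[len(names) * i // n_servers] for i in range(1, n_servers)]

def server_for(account, boundaries, servers=SERVERS):
    """Accounts sorting below boundaries[0] map to servers[0], and so on."""
    return servers[bisect.bisect_right(boundaries, account.lower())]

def shard_sizes(account_names, boundaries, servers=SERVERS):
    """Count how many accounts land on each server for a set of boundaries."""
    sizes = dict.fromkeys(servers, 0)
    for name in account_names:
        sizes[server_for(name, boundaries, servers)] += 1
    return sizes

# Constructed sample: account names usually cluster on a few initial letters.
ACCOUNTS = ["alice", "adam", "amy", "andrew", "anna", "bob", "carol", "dave", "zoe"]

# Fixed letter ranges (a-c, d-g, h-z) overload the first server.
LETTER_BOUNDARIES = ["d", "h"]
# Boundaries taken from the data itself split the same accounts evenly.
BALANCED_BOUNDARIES = choose_boundaries(ACCOUNTS, len(SERVERS))

if __name__ == "__main__":
    print("letter ranges:", shard_sizes(ACCOUNTS, LETTER_BOUNDARIES))
    print("balanced     :", shard_sizes(ACCOUNTS, BALANCED_BOUNDARIES))
```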
Whatever. When I (voluntarily) left my six-figure/year tech job to enlist in the Army National Guard and return to college, I took a pay cut that left me with exactly 10% of my previous pay.
Yes, it was a bit of a shock but I got along just fine. In fact, I was happier than I'd ever been. No, I couldn't drive a shiny new car any longer, nor could I live in a swank 2-bedroom condo but I have enough money to get by and pay my bills.
Now that I'm out of college, I live on $2000 take-home/month and pay $800/month in student loans (the Army's "money for college" is largely bullshit, I'm afraid), but I still live very, very comfortably. $6,300/mo, even before taxes, seems a bit excessive.
Outsource it, baby! I'm pretty sure that there are companies in India or Bangladesh which would forward e-mail to your father's Gmail account, one e-mail at a time!
Oh, and how can I forget? Should I Stay or Should I Go?, the story of two Apple Computer employees who are laid off when their project is cancelled but continue to show up to work every day, sneaking in the door and hiding out in unused conference rooms, in order to complete their project.
The parent poster beat me to it. I highly recommend episodes of T.A.L. Depending on what OS you run, there are many options for transcoding these to MP3.
Here are some of my favorite episodes:
Telephone - Dad suspects that his child is using drugs. He secretly taps his son's phone line and is amazed at what he hears.
The Middle of Nowhere - The chronicle of a T.A.L. producer's fight with MCI to get a $950 overcharge reversed. Plus, the tiny island nation of Nauru and its nefarious global reach.
Teenage Embed, Part 1 and Teenage Embed, Part 2. A Californian teenager of Afghan heritage travels to Afghanistan with his dad, who works for President Hamid Karzai. Fascinating.
Somewhere in the Arabian Sea - A week aboard the US aircraft carrier, USS John C. Stennis, during Operation Enduring Freedom.
The First Day - Itinerant pot-scrubber, "Dishwasher Pete", takes a job aboard an offshore drilling platform and prepares for the worst.
Backed Into a Corner - Quizno's employee runs store for a month after the owners vanish. Also, a great story about a truck driver who cannot read.
The codename "glassfish" doesn't inspire a lot of confidence in this product. May I suggest "stonefish", "rockfish", or perhaps "swordfish"?
I'd recommend you try OpenBSD. Contrary to the misinformation that is passed by most Slashdotters, OpenBSD is not just "for firewalls". It's a great, fast-performing, stable, "correct" BSD that has many, many nifty features. Oh, and it's secure-by-default.
I've been very pleased with my 64-bit machines running OpenBSD. I'm slowly moving all of our production FreeBSD 4.x and 5.x machines over to OpenBSD.
Chris
Let's stop this right now. Video games are not sports. Or even e-Sports. Sports, by definition, require physical exertion. Call them gamers, for sure, but don't put them in the same class as people who actually pry their collective asses out of the chair to go raise their heart rates for a few hours.
</soapbox>
I give that "Can you hear me now?" guy's career about 5 more minutes after they roll out this feature.
Not that he cares. He's probably loaded by now. Doesn't he remind you of a marketing department guy from the dotcon days? They really should put him on a Razor scooter. He could cover more ground that way.
Normally, that countermeasure would be easy but most phishers are not programmers and are using canned PHP scripts that they obtained. The next logical step would be to spoof source IPs.
Even with a phisher blocking your IP, you'll still get thousands of bogus entries submitted before they get the block in place. A recent test run of my script submitted 1,800 bogus entries within a minute or two.
DoS attacks are very effective against phishing sites. Most phishing scams utilize a CGI that e-mails the captured data to an e-mail address somewhere. By using a script which generates random data (see my sig), you can quickly render a phisher's data collection. Several factors can contribute to this. First, the flood of fake data can obscure the data that was captured from actual victims. Secondly, you can overflow the SMTP server that the phisher is using to process the captures. Finally, you may be able to fill the mailbox to which the captured data is being sent, although this is a bit harder with things such as GMail. However, the flood of mail from a single host may trigger sanctions at a free e-mail provider.
As a sidebar, I'm going to be releasing a new version of my anti-phishing tools in the next few days. I've added functionality which generates real-looking names and e-mail addresses and credit card numbers with valid checksums.
Chris
Given the amount of equipment in Theo's server room and given the importance of this equipment to the project, why not construct a thermal shutdown device? How about a machine with a number of temperature probes around various points in the room, and when they all agree that the temperature is hot, they initiate shutdown+power-off procedures on the machines in the room? Now, I realize that some of the machines in the rack are older and may not have self-power-off abilities but it seems likely that enough of them could power down to make a difference.
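Added example, not part of the original comment: one way to code the "all probes agree" rule so that a single faulty or silent probe can neither trigger nor mask a shutdown. The probe names, the 40 °C limit, the plausibility range and the three-sample hold time are assumptions chosen for illustration.

```python
PLAUSIBLE_C = (-20.0, 90.0)  # assumed sanity range; anything outside is a probe fault

def classify(sample, limit_c, min_probes):
    """sample maps probe name -> degrees C, or None if the probe did not answer."""
    valid = [t for t in sample.values()
             if t is not None and PLAUSIBLE_C[0] <= t <= PLAUSIBLE_C[1]]
    if len(valid) < min_probes:
        return "degraded"  # too few working probes to trust a vote
    return "hot" if all(t >= limit_c for t in valid) else "normal"

def decide(history, limit_c=40.0, min_probes=3, sustain=3):
    """history is a list of samples, oldest first.

    Returns "shutdown" only when every working probe has read hot for the
    last `sustain` samples, "alert" when probes are missing, else "ok".
    """
    recent = [classify(s, limit_c, min_probes) for s in history[-sustain:]]
    if len(recent) == sustain and all(state == "hot" for state in recent):
        return "shutdown"
    if "degraded" in recent:
        return "alert"
    return "ok"

# Constructed readings for four probes in one room.
COOLING_FAILURE = [
    {"rack1": 24.0, "rack2": 25.0, "door": 23.0, "ceiling": 26.0},
    {"rack1": 41.0, "rack2": 42.5, "door": 40.5, "ceiling": 43.0},
    {"rack1": 44.0, "rack2": 45.0, "door": 42.0, "ceiling": 46.0},
    {"rack1": 47.0, "rack2": 48.0, "door": 45.0, "ceiling": 49.0},
]
# One probe reports an impossible value; the other three still outvote it.
BROKEN_PROBE = [{"rack1": 24.0, "rack2": 25.0, "door": 23.0, "ceiling": 120.0}] * 3
# A single hot spot is not agreement, so nothing is powered off.
HOT_SPOT = [{"rack1": 55.0, "rack2": 27.0, "door": 24.0, "ceiling": 28.0}] * 3
# Two probes silent: raise an alert instead of acting on two readings.
PROBES_DOWN = [{"rack1": 45.0, "rack2": 46.0, "door": None, "ceiling": None}] * 3

if __name__ == "__main__":
    for name, hist in [("cooling failure", COOLING_FAILURE), ("broken probe", BROKEN_PROBE),
                       ("hot spot", HOT_SPOT), ("probes down", PROBES_DOWN)]:
        print(name, "->", decide(hist))
```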
I spent about 20 minutes poking around on Google and have come to the conclusion that most of the unlocking and modding tools for cell phones are very hard to find. My searching turned up, for the most part, people in Russia trying to sell collections of cell phone hacking utils.
So, what's the deal? Are these tools illegal to possess and that's why they are hard to find? Or, is it simply a matter of too much demand and too little bandwidth?
I'm kind of surprised that nobody has come up with a good, free alternative to RSA's SecurID system. For those that haven't seen it, it uses little hardware tokens (in the form of keyring fobs or credit card-sized units) that are synchronized with an authentication server. It seems to me like somebody could come up with a similar system that perhaps used a small Java app running on cell phones and PDAs to replace the key fob.
You can get a lot more than room temperature monitoring, if you want. I use a Davis Instruments weather station to monitor server room temperature as well as outside temperature, wind speed+direction, humidity, barometer, etc.
I use the Davis Weather Monitor II station, which can be picked up for about $350. Controlling the station from *NIX couldn't be more simple. I use the Device::WxM2 Perl module to pull data from my station. I wrote a small daemon that stores the data in RRDtool data files, as well as Perl Storables (a representation of a Perl data structure stored in a file). Another daemon monitors the current readings from the storables and sends e-mail to my pager if things go awry.
I even wrote an Asterisk AGI that speaks the weather to the caller. Call 1-866-859-7359 for a demo.
Sorry, but you are wrong. See the previous comment.
You should check out RTx::AssetTracker, an asset management extension to RT. Like RT, you can easily create custom fields to hold your router configs, firmware versions, etc.
Demo here.
Look, he's building a firewall for a lab full of servers, not a dorm room experiment. Don't waste your time with "an old cheap pentium or something". Do it right.
Here's my recommendation:
Find two reliable, server-class machines. Take a look at this list and get two good gigabit NICs for each machine. (Why gbit NICs? Better performance, even on 100bT, due to better buffering).
Next, install OpenBSD 3.7 on both machines and finally, read this HOWTO and build yourself a redundant firewall with failover using pf, pfsync, and CARP.
Good luck!
Chris
Well, by posting your password scheme here, you give any attacker trying to brute force them 3-4 orders of magnitude lower problem complexity.
My office shares a dumpster with a sushi restaurant. If you want to dig through four-day-old raw fish and look for my Post It notes, be my guest!