Describes how to generate useless bloatware using techniques derived from the favoured tactics of the front row - futile, irritating and devoid of any entertainment value.
It's not so much the security measures, as how they are implemented.
For instance, a sensibly configured (deny all except what is expressly required) firewall would have stopped the SQL Slammer worm, but wouldn't necessarily work against an attack launched against port 80, for example. Good network security, as with good physical security, requires a certain element of paranoia - simply sticking a firewall in front of a box will not guarantee security.
You ask why a firewall would fail in the case of SQL Slammer. There are two possible scenarios - explicitly allowing port 1434 connections would be one, misconfiguration would be the other.
I don't have numbers, but would say that anyone with a firewall that got affected by SQL Slammer should seriously question their firewall policy and possibly kill the admin responsible.
I was going to use my last mod point on you, but prefer to agree with you directly.
If you can't make your page display with straight HTML (I've even got a philosophical objection to frames), then I for one don't want your fscking javascript.
I will not accept your poxy ActiveX controls, don't want pop-up ads or Flash - I browse for information, and anything that gets in the way for the sake of pretty makes me mad.
It's just not for putting in coffee, or tea (it's what we Brits like to drink sometimes).
Good coffee should remind one of top quality dark chocolate, bitter and soothing. Good tea needs no adulteration - the only excuse for milk is if you use Yorkshire Tea, aka floorsweepings.
Full fat milk is for drinking on its own - it's refreshing and good for you. Even pasteurisation fucks up the taste of milk - so don't even mention semi-skimmed!
to wait for the paper to be published before posting this for the inevitable ill-informed comments.
Since we don't know (apart from some journo's brief and possibly misinterpreted summary) what Mr Park has come up with, there's really no point in either praising or condemning it.
Probably not. Looking at the design, it looks rather like a pulse jet, and appears to operate on similar lines.
Now pulse jets (as used on the V-1 'buzz bomb' in WWII) are inherently loud. Fucking loud. Loud enough that no one uses them commercially, even though they're cheap, simple and relatively efficient.
I wonder what sort of noise the shock wave of the rapidly decompressing steam makes?
No - just slightly less venal and more amenable to reasoned argument (unless Tony says 'No'). I've used the faxyourmp service, and must admit that I did eventually get a response (some 6 weeks later, when the New Labour Politburo had finished writing the form letter for MPs to sign).
I've just had the second form letter, telling me what a bad lad Saddam is and why I should care, but since it's obviously Labour Central Office trying to boilerplate me, I never read it all ;)
Accenture?
That'd be the artists formerly known as Andersen Consulting?
Serious business types?
More like overpaid history graduates with no experience or skills being paid to fsck up industry...
Not surprised their former CEO managed to burn a billion - wonder how much of that went in consulting fees, marketing design / consultancy, etc. Most of that billion is probably sitting pretty in nice warm accounts in nice warm tax havens.
Consultants are like leeches, only less useful and far more expensive.
a site dedicated to publishing the names and CVs of those admins found to be failing badly?
A sort of 'virtual pillory' for those lazy incompetents who fail to pay attention to their responsibilities?
If such a site gained currency, the incentives not to be listed on it might make even the most stupid of MCSEs sit up and take notice, secure their servers, and become good citizens.
Let's start with the fool responsible for the RIAA server - defaced IIRC 4 times in the last 6 months or so.
Failure to take good care of what you're responsible for isn't a crime, but it is negligent.
All I'm arguing for is for people to take some responsibility for their systems - I'm totally agnostic as to how we punish the actual trespassers, but would feel justified in publicly vilifying any sysadmin who fails to secure his systems properly.
What the graffiti tells you is that you were running a hackable system to start with.
At a rough guess, the proportion of servers hacked using undocumented and unfixed vulnerabilities is pretty close to zero. Most of these 'crackers' are using well known vulnerabilities that the intelligent and conscientious sysadmin will have patched at the earliest opportunity.
The fact that an intrusion can cost you a lot of time (though a full server rebuild and restoration of a known good backup doesn't take too long) should make you more conscientious in your job, not less.
If you have patched everything to the hilt, set sensible firewall rules, and set up security on your various servers correctly, and still get hit - then you're very unlucky, 'cause being hit by an undisclosed vulnerability is (thankfully) as rare as rocking-horse shit.
Must have touched a nerve there with your little narrow mind. My point is that people get paid a lot of money for administering servers etc., especially when compared with the poor guy behind the counter at the off-licence (that's a liquor store to you) who's in constant danger of a mugging or worse.
Force them to read /. at (-1), with all the flamebait, shite spelling and poor grammar that that entails.
Then make them translate one day's worth of /. into intelligible human language.
That'll put 'em off...
Seriously, though - it's not the 15 year old who should be punished - it's the well paid but idle sysadmin who allows his web server to be graffitised. 15 year old skiddies almost never have access to unfixed security holes, so it's not their fault that some fat idle webmaster can't keep his patching up to date.
No - the CEO of SearchKing (can one man and his dog have a CEO?) isn't that clever. He's a whiny little shit who was trying to make money off the back of Google's PageRank, and has been foiled in his attempts to make money out of others' work.
He's a parasite, no better than a ticket tout or a pimp.
I hope not - Vinny's not a good lawyer, but he is good at seeing all the angles and would soon conclude that SearchKing hasn't got even the bones of a case.
The guy needs OJ's team if he's going to get a penny, let alone an injunction.
If you can't make your page display with straight HTML (I've even got a philosophical objection to frames), then I for one don't want your fscking javascript.
I will not accept your poxy ActiveX controls, don't want pop-up ads or Flash - I browse for information, and anything that gets in the way for the sake of pretty makes me mad.
As for CSS....
All your files are belong to us!
I'm glad I'm from plucky, independent Britain, and not from some US vassal state...
Nuff said.
You made the point I wanted to, only less rude.
I'm so blind, I can't read the writing on the wall...
Since when did asking a question of the user on installation become nerdy?
Never fear - Apartheid will live on in Israel.
Never seen it before, but then I've been around too long.
Must have touched a nerve there with your little narrow mind.
My point is that people get paid a lot of money for administering servers etc., especially when compared with the poor guy behind the counter at the off-licence (that's a liquor store to you) who's in constant danger of a mugging or worse.
They ought to do their jobs properly.
Damn - I meant stop wanking...
Looks like a Dalek panel on its side!
Now I definitely want one.