Slashdot Mirror


User: darkpixel2k

darkpixel2k's activity in the archive.

Stories: 0
Comments: 1,561

Comments · 1,561

  1. Re:How about: less douchebaggery? on Locking Down Linux Desktops In an Enterprise? · · Score: 1

    It's not just douchebags. Consider the noob who goes googling for a solution and someone says rm -rf /

    It's a feature for the enterprise customer that's already built-in. It's called corporate access management or "not giving users root" in rocket science terms.

    Go try it in a virtual machine or a box you're about to reformat. It may not delete system files, but it eventually recurses on down to files you can delete and trashes 'em.

    This is also an already provided feature for the enterprise customer. It's called application management or "removing a package" in rocket science terms.

    Funny how both Ubuntu and Fedora have 'application management'--yet I can download a tarball, compile it, and run it...

    And before you say 'noexec', I just checked my /tmp folder and it isn't mounted noexec...

  2. Re:You don't on Locking Down Linux Desktops In an Enterprise? · · Score: 1

    noexec doesn't prevent: perl ./some_script_here

    The point is, you can lock machines down reasonably well just by not giving out the root password. Sure, a user can mess up her home directory, but she can't damage system directories.

    I don't recall group policy offering the ability to block 'cscript c:\documen...ings\dork user\desktop\myshittyscript.vbs'

  3. Re:This is linux's strength, actually on Locking Down Linux Desktops In an Enterprise? · · Score: 3, Informative

    And how long would it take me to SSH into 40,000 desktops to update Adobe Reader 8 to Adobe Reader 9, because there is some new feature that someone decided we just have to implement?

    How long to copy the browser link to 40,000 desktops to comply with a mandatory ethics reporting plan we had to put in place? How long to patch 40,000 kernels for a security hole that must be resolved within 72 hours due to Corporate Information Security policy?

    You guys that complain about heavy handed IT policies don't realize that we don't even drive a lot of this stuff. If it was an IT idea, no one would ever give us the money we need to buy these tools. It's all driven from the top down.

    Perhaps you've never heard of cssh?

    I use it to patch and update ~ 15 linux machines at the same time--in about 3 minutes. Patching a comparative number of Windows servers takes 30 minutes and a reboot.

    In all seriousness though, cssh might not work so well for 40,000 machines. You'd probably have to have a 70 inch monitor...

  4. Re:How about: less douchebaggery? on Locking Down Linux Desktops In an Enterprise? · · Score: 1

    Never underestimate the cleverness of douchebags. Even if they all are piss and vinegar...

    It's not just douchebags. Consider the noob who goes googling for a solution and someone says rm -rf /

    You need a decent way of preventing noobs from messing with stuff they shouldn't. Then you need a good way of deterring people from screwing off--like locking down games and maybe the desktop background. Finally, you need a great system to try and prevent actively malicious users, like someone installing a remote access program shortly before getting fired.

  5. Re:Cue the Hysteria... on Obama Helicopter Security Breached By File Sharing · · Score: 2, Funny

    Yes, this is absolutely a lobbying ploy. How the hell do they know "exactly which computer the information came from" unless they had direct access to the defense contractor's computers?

    It was pretty easy. The first 15 computers we walked up to said "Press CTRL+ALT+DEL to login". The 16th computer was already logged in as "DEFCONTR\administrator" and had the Kazaa icon in the systray.

  6. Re:Windows = game OS for x86 on Obama Helicopter Security Breached By File Sharing · · Score: 1

    Windows is a gaming OS for x86 hardware. Its target audience is gamers.

    We shouldn't be using a gaming OS for serious work, should we?

    [citation--wait, red queen on black king--needed]

  7. Re:Cue the Hysteria... on Obama Helicopter Security Breached By File Sharing · · Score: 0, Troll

    The poster implied that using something other than Windows would have been better. I posit that this particular user would have screwed the pooch no matter what OS they were on. This was not a built-in vulnerability of Windows (of which there are many). This was a built-in vulnerability of being an idiot user.

    Bah! I'd bet if they were using something like MS-DOS, or even a BSD variant, it never would have happened.

    The user--who is obviously a moron (installed filesharing software at work on classified computers), probably wouldn't be able to install filesharing software on *BSD, and they sure as hell wouldn't be able to find software for MS-DOS.

    So yeah--BSD is more secure than Windows--especially when dealing with retards.

  8. Re:DNSSEC overrated on Working Around Slow US Gov. On DNS Security · · Score: 1

    "Left wing nuts" are exactly as crazy as "right wing nuts": totally insane.

    Yes I am. ;)

  9. Re:DNSSEC overrated on Working Around Slow US Gov. On DNS Security · · Score: 1

    Re Verisign. If the US government is sincere about listening to the public, the overwhelming majority of comments were fine with just having ICANN "sign the root" leaving Verisign (0 votes) out of the equation. Listening to the global Internet community would be a big step by the new Administration toward rebuilding America's reputation overseas.

    As I understand it, the overseas opinion is that America's 'reputation overseas' was destroyed when that 'crook' Bush 'invaded' Iraq.

    So you're telling me those same nutjobs are suddenly going to forgive America because some low-level dork in a new administration signs the DNS root?

    Note to self: Left-wing nut jobs are even crazier than I thought.

  10. Re:DNSSEC overrated on Working Around Slow US Gov. On DNS Security · · Score: 1

    So you do have to take part, because the browser makers have decided that self-signed SSL is deserving of error messages due to being somehow less secure than plain http. Therefore making it a "racket" instead of just a "scam".

    No, browser makers have decided that certificates not added to their 'trusted' certificate list are deserving of error messages due to it being the way encrypted communications are supposed to work.

  11. Re:What's this "finally" shit? on Verizon.net Finally Moving Email To Port 587 · · Score: 1

    My ISP ups the cap from 10 (or 12) to whopping 18, and opens port 25. That's it. And for only 100 Euro[1] rather than 40. Don't presume to tell other people they aren't being ripped off when your fat hummer driving ass doesn't even know what their tariff structure is, OK?

    [1] I guess you don't know what that is, you fat prick. It's similar to a dollar, but worth something.

    Sorry--my white American, hummer-driving ass forgot there was a part of the planet called "Not America".

    But seeing as how I typed in slashdot.org, and not slashdot.org.uk, I assumed we would be talking about American ISPs.

    You know--kinda like when I dial *1*-800-FUCK-OFF, I don't want to press '1' for English and '2' for Spanish--I already dialed *1*-800... and not 0111536-FUCKO-FF1 or whatever the Mexican international prefix is.

    Zark off.

  12. Re:andnothingofvaluewaslost on Microsoft Secret Prototype Phone Stolen · · Score: 2, Funny

    Why would they even be giving out a secret prototype to an executive? Shouldn't it be behind a locked door? Or was this just a way to generate hype?

    At least we know their new prototype sucks balls and doesn't have GPS...

  13. Re:What's this "finally" shit? on Verizon.net Finally Moving Email To Port 587 · · Score: 1

    Will they even let you get business class? My ISP (Time Warner) simply refuses to sell business class to a building zoned residential.

    It seems dumb to me that a company would refuse to sell a higher-priced service to anyone--especially a home user that is already downloading a metric shit-ton of data. (Where metric shit-ton is equal to a number double the amount of the current provider's bandwidth cap.)

  14. Re:Donate to At Home Projects on How Do I Put Unused Servers To Work? · · Score: 1

    they may well replace the machine when it fails but what about the downtime,

    I doubt people who need the five nines are going to be renting servers. Facebook, Google, Microsoft, etc...they probably don't rent servers.

    But there's a market for people like me who can't go out and spend $1,000 on a server, and shipping, followed by colo prices. But I can afford $60/mo for a box, remote hands when it's occasionally needed, and someone to fix any hardware problems.

    I'm also not doing enterprise hosting. I mainly host small websites for family and friends. There are a few 'business' sites on there, but they usually get under 1,000 hits per month, so their main concern isn't paying for their own server with five nines, but rather some very cheap hosting.

    and what about your data if the drives fail?

    Every 5 days, my server at my house does a full backup (BackupPC), followed by incremental backups daily. I store full backups for 3 months, and incrementals for 30 days.

    If the hardware ever dies, my hosting provider simply has to get Ubuntu reinstalled and get ssh up and running. Then I'll connect in and dpkg --set-selections followed by restoring the backup.

    Consider that $60/month (is that all on hardware, or is it the full price of the service?)... in 12 months you have paid $720, a pretty decent server could be had for that.

    The $60/mo is for the hardware, bandwidth, occasional remote-hands, ssh-based serial console, and the cell phone number for the guy who runs the place. But you do make a good point--I should call him and find out how my rates would be affected by putting my own colo server in there--it's tax time, and I'm looking at a refund that could buy a nice 1U.

    Will the colo provider upgrade your hardware in the future, or will you be stuck with the original machine? For a rental, I would expect to receive an upgrade to the current model every few years...

    They can't just come in and upgrade your machine--but I can start renting another server for $60/mo which today will give me a slightly faster and newer machine. Then I can transfer all my sites to the new machine and stop paying for the old one. Upgrade.

    I would prefer to buy a decent quality server and host that, that way I know what I'm getting, and a decent server will have remote console capability and thermal monitoring etc too.

    Agreed--but I'm not a big-time hosting provider.
    Personally, I'd love to have a few of these servers at my disposal. One for mail, one for mysql, one for websites, and one just to sit there and rack up uptime.

  15. Re:What's this "finally" shit? on Verizon.net Finally Moving Email To Port 587 · · Score: 1

    Wow. Not a ripoff at all!

    No, not really. You pay more for business class, and they do things like ignore the stupid 250 GB home-user cap, or unblock port 25 since they expect businesses to have IT people.

  16. Re:awww poor casinos on Casinos Warn iPhone Card-Counting App is Illegal · · Score: 1

    Do you have something better than pole dancers to spend it on? I doubt it.

    Yeah. An iPhone.

  17. Re:And why the hell do I need a driver for this? on Handset Vendors Plug Micro-USB Charge Ports · · Score: 1

    I have working USB on my computer. Why the hell do I need to install a Motorola XP driver to charge my RAZR?

    You don't have to install the Motorola Driver for XP. You could just install Linux. It charges without having to go driver hunting. And it works for more than just Moto Razrs. It works with every other USB phone too, plus PDAs. Stupid Microsoft.

  18. Re:Donate to At Home Projects on How Do I Put Unused Servers To Work? · · Score: 2, Interesting

    I wouldn't sell the equipment. If you have a colo you already do business with and a lot of extra server hardware, try subleasing it to someone you think might need some extra server capacity.

    Sure, it's a lot of work to find customers, but with that much hardware sitting around you have a lot to offer.

    I was going to suggest the same thing. I rent a few servers from my favorite colo provider. I just keep paying them $60 per server until the end of time and they make sure the hardware works and I have connectivity. You could probably make a decent amount off renting them--or at least a better amount than the $0 you'd be earning with them in your garage. The downside is if you suddenly need them back. You'd have to give the customers fair warning to get their stuff moved to a new machine.

  19. Re:Well at MY place, on High Tech Misery In China · · Score: 1

    Actually, there are about 2 million American workers who work for less than $0.41/hr. Of course, they're all in prison - but why nitpick?

    All we have to do to compete in the global economy is imprison the entire country. That way American companies don't have to abide by such provincial concepts as safety regulations, labor laws, retirement and health benefits; and American workers never have to worry about a lack of employment.

    Win-Win!

    It boils down to this: What are you going to do about it?

    If the 'poor Chinese workers' aren't going to do anything to help themselves, you have to decide if it's within your right and moral authority to do something about it.

    Maybe you could write an angry letter to a Chinese company and demand they pay their workers more.

    You could take a harder stance and stop shopping at WalMart and any other company that buys goods from China (hopefully you aren't on a tight budget--because if they start paying their iPod and iPhone assemblers more, you will pay more).

    If all else fails, you have to decide if their freedom is worth dying for. Would you be willing (along with a lot of other people) to go over as an armed group and free them?

    If you're not willing to do anything about it, don't whine about it.

  20. Re:Go Wireless on How To Keep Rats From Eating My Cables? · · Score: 1

    Can't eat air!

    Screw wireless.
    Go with powerline networking. Just make sure the 'powerline' you use is something like 220kva. Your rats should be eliminated shortly.

    Also, don't get near the network room for fear of arcing.

  21. Re:Obama's first test from Putin? on Satellites Collide In Orbit · · Score: 1

    soon to be updated: ... a system of 64 active satellites which relay calls from portable phones

    If anyone was actually talking on their Iridium phone on that Sat when it collided, they immediately get 5 geek points.

    That definitely has some bragging rights...

  22. Re:Just reset your clock on Average User Only Runs 2 Apps, So Microsoft Will Charge For More · · Score: 1, Informative

    Of course, the obvious alternative would be for people to just dig out their old copies of Windows 3.1.

    Windows 3.1 had no built in network stack. Microsoft wanted their own proprietary service at the time. Third party vendors were the only source if you wanted the internet.

    I don't know why dattaway was modded Troll--he's correct. Look at the Winsock article...

    Specifically the bullet points that say:

    * Microsoft did not supply an implementation of Winsock 1.0.
    * Version 1.1 of Winsock was supplied in an add-on package (called Wolverine) for Windows for Workgroups (code named Snowball). It was an integral component of Windows 95 and Windows NT 3.x.

  23. Re:Experts saw it coming nine years ago. on Why Windows Must (and Will) Go Open Source · · Score: 1

    I don' care who y'are, tha's funny raht thar.

    Technically it's 'rhat' not 'raht'.
    I am grammar Nazi of the hicks, hear me rawr!

  24. Re:Wines, cheeses, trees on Why Do We Name Servers the Way We Do? · · Score: 1

    I don't see how mx2 and nas1 are more informative than daffy or kirk.

    Of course if you've got lots of servers that are essentially the same, then it makes sense to call them daffy00 - daffy99.

    Maybe I will get a *whoosh* for this, but MX is Mail eXchanger and NAS is Network Attached Storage...so mx1, mx2, mx3, etc... are all mail servers. mx4.mxc1.domain.com is the 4th mail exchanger in the 1st cluster of mail exchangers...

  25. Re:Wines, cheeses, trees on Why Do We Name Servers the Way We Do? · · Score: 1

    that's why we have these great things called LISTS. See, a list is an example of something called "documentation". in documentation, you write down things about your environment that are not easily remembered or intuited. i know most sysadmins think their job is just to condense their whole job into as concise a shell script as possible, but documentation is helpful, too.

    problem solved.

    Bah! That requires your boss or client to pay you to write the documentation.