Some of the mods just dont want people to read this becasue it is not full of glowing praise.
You must be new here. The post was a troll, probably somebody throwing a hissy fit because their article didnt get posted. If the article they submitted had as much thought provoking commentary as the post did, than it's not surprising. The folks who modded it down recognized that the article linked had nothing to do with suse 9.2, and beyond some copying and pasting from the article, the post had no substance.
Holy crap?! You mean companies shouldn't be trying to keep workers productive and happy by listening to their needs? No wonder Google is doomed.
I think you're forgetting the mentality of the average office drone. And if you want to see someone worse than the average office drone, try the average government employee. The terms "worker" and "productive" don't apply to 90% of the gevernment employees out there, so they need not be addressed. As far as their "needs", I'm willing to bet that solitaire is at or near the top of that list.
The fact that the post is somewhat anti-linux doesn't make it a troll, agreed. It has little to do with the release of Suse 9.2, so it is by definition off topic. What makes it a troll though is the signal to noise ratio. Read the parent again, it's just a copy and paste of a news article along with the link to businessweek. No additional commentary, no effort to conduct intelligent conversation, and no intention of responding to any replies. He's just posting copied text that is likely to generate controversy for the sake of generating controversy, while putting minimal effort into any actual dialogue.
I have to seriously question the wisdom of anyone who uses a public kiosk with the expectation of privacy, not to mention the system administrators of kiosks who would a) install such an app or b) have the boxes set up in such a way that the public could install it.
You sound like a very unprofessional, low level flunky. It isn't your machine, either. Your are some schmoe on the low end of the IT support department, spending most of your time setting up a new machine, installing software, and swapping out bad CD drives or memory to replace whatever died.
Nope, just a very opinionated security analyst. I am on the low end of the IT chain I guess, I mean I only handle firewall administration, antivirus, intrusion detection/prevention, patch management, wireless security, rogue AP detection, auditing, and security policy enforcement/investigation. Oh, and I also handle spam blocking too. My network hasn't had a major incident in over a year. It may not be my computer, but it is my ass on the line if a security incident threatens the confidentiality, integrity, or availability of my organization's information resources.
I'm more professional and user-friendly when I deal with my customers/co-workers, but not by much. I deal with people like you and the parent poster on a regular basis, and they/you tend to have a few traits in common. They're all impatient, and they all have inflated opinions of their technical knowledge and their worth to the organization. Ask yourself which is worse: you being inconvenienced and therefore semi-productive for a few hours to a few days, or an incident that leaves you and your 2000 coworkers non-productive for a few hours to a day? There is no security measure that doesn't in some way inconvenience users, and someone always bitches. But people like you bitch about security emasures, then they bitch even more when a worm knocks your entire network offline.
Bottom line, if you're not responsible for the security and uptime of your network, you have an obligation to comply with the policies of the people who are. Deal with it.
There are two major problems with Firefox. The first is introperability: Let's face it, there's a lot of crap out there that we have to support that doesn't run on Firefox. Second, Firefox isn't read for enterprise management yet. IE can be configured via group policy and it can be quickly patched via SMS or SUS. How do I patch 2000 machines for a firefox vulnerability overnight with no user interaction?
But if you run a concentration-camp style lockdown and project the attitude that "I am mighty Network King, bow before me and I may let you use your machine," you're goddamn right the admins will go down for any security problems.
It's not your machine, it's your employer's.
In the scenario you've described, the admins can at least show that they exercised due care and mitigated the security risks as much as they could. If the admins let you administer your machine and you down the network guess what -- they're still responsible.
The attitude of all you LAN Admins in here really pisses me off, "it's easy, lock 'em down, don't give 'em admin, take away all their PC privilages". It's easy for you to say, you have admin! You can install any software you need.
I wonder how much productivity you lock-'em-down admins are costing the economy as a whole. You wanna know something? LAN administration isn't the most important part of a company, you aren't making the company any money. Your job is to help us users be more productive in doing our job, it isn't to cause you the least hassle.
How does it help the company when everytime I need to install some software to do my job I have to call you up and waste a couple of days for it to get aproved by the all-mighty-admin? How does it help the company when I can't immediately respond to a customer!?
OK, so there are stupid users, but I don't care about them, they don't affect me, I'm just trying doing my job. Leave me alone god damnit!
Shut the fuck up. It's not your computer and you have no say in its administration.
Not only are you one of the stupid users, you're among the worst. If you're done whining and thinking like an end user, crack open a book and read up on information security and the principle of least privilege. Just because you lack the planning and communication skills necessary to identify applications you need installed before it becomes an emergency doesn't mean your IT staff should endanger your entire network because of you. And before you open your piehole to argue with me, yes. That's exactly what you're asking them to do.
Based on your attitude I'd suggest you do yourself and your coworkers a favor: find another line of work. One that doesn't involve technology more complex than sticks and stones.
Off the top of my head, I could figure out several tools useful in data forensics.
What you can figure out means jack shit. If you use a single one of those tools on media that wasn't acquired through forensically sound means then you just botched your evidence. And guess what, mounting a drive read-only is a practice that can be impeached. Congratulations, that hard drive full of teh kiddy pr0n is now inadmissable.
What Cliff understands and you don't is that effectiveness is only half the requirement for forensics tools. Such tools also have to be accepted by the court, either through legal precedent or through expert testimony. Expert testimony involves either paying someone with degrees and credentials out the ass to back up your forensic methods (not cheap) or qualifying you the examiner as an expert witness (may not work, also takes time which leads to more legal fees, not cheap).
More importantly, a forensic kit needs to include the ability to quickly view multiple file types. One investigation can easily involve stacks of floppies, CD's, and SD cards as well as a laptop hard drive and desktop hard drive. Scripted searches are great, but those results need to be easily indexed and viewed through a multi-format file viewer or you won't be able to generate timely analyses.
Don't get me wrong. I'd love to see linux forensics tools admitted in court, but what you're talking about is writing your own toolkit from scratch, not pencil whipping a few scripts. Why would you go to that much trouble when you could just use encase or FTK and know that your evidence will be admitted?
As easy as that concept may seem.. people in tornado alley or hurricane central still don't get it.
We do get it, we just don't give a shit. I love living in florida and I'm not leaving because of a couple storms. For those who are moving away, go! We never wanted you around anyway. The rest of us have enough sack to stick around, and we have enough common sense to go somewhere safe when a storm's coming.
"The fact of the matter is what you saw was a staged production... analogous to a magic show," said David Bear, the Diebold spokesman.
He would of course be an expert on staged production, considering that Diebold landed its first customers based on staged demos. In fact, reading about Diebold was the first time I'd encountered the term "slideware" - software that exists only in the form of presentation slides.
ISC has published a scanner to identify vulnerable files. Has both a GUI and a command line option. Use a little creative scripting and you can use this to find vulnerable hosts on your network. Patch early, patch often...
What google would do well to remember is that human beings are creatures of habit, and they won't jump ship without a reason. Right now people are flocking to firefox for their windows web browsing needs because mozilla presented something they didn't have, security. While google's branding and high visibility will no doubt help them get their browser out there, they also need to present their browser as having something that neither firefox nor IE have. IE lacks security, customizability, and compactness, but it can be managed across the board by tools such as group policy. It can also be patched across an enterprise with tools like SUS. Firefox brings security and customizability to the table, but it isn't yet manageable in an enterprise network. Firefox also can't handle Microsoft-specific technologies such as activeX. Were google to bring all of the above to the table, it would be a formidable browser indeed.
I give it a month before FlexEstaff gets a C&D letter from priceline. AFAIK, priceline has just about every form of reverse bidding patented, and I'm willing to bet that the eShift software could be construed as violating their IP. Just another example of how AFU the IP laws are...
That's true. My hope is that things play out exactly like that so they not only have to jump from one hosting provider to another, but they also have to jump from one domain to another.
Once sph gets a large enough install base, the spammers will need to find another way to convince victims to open their email. My prediction is that we'll see more mail from yah00.com, a0l.com, ao1.com, etc. All a spammer has to do is get a domain like that registered and publish an SPF record for it and they'll be able to continue their operation. It does make them work harder though, and it pretty much negates the usefulness of trojans that turn infected machines into a spambots.
is not on where to get your training, but what to do before you start it. First, find out (if you don't know already) what distro your company is standardizing on, and make sure your training is geared towards it. You're going to suffer from infromation overload as it is, so there's no sense in going to suse-based training and learning yast if you'll be using red hat.
Second, identify the tasks you do as a windows sysadmin, and come up with a list. The more the merrier. Keep that handy while you're learning, and don't let your training end without learning how to accomplish those tasks in a linux environment. Don't settle for the gui way either. You'll save yourself a lot of time and work in the long run if you learn the command line and some shell scripting, plus you'll make yourself more valuable to your organization.
Also, get your company to get you a subscription to one or more linux sysadmin-oriented publications. Sysadmin mag is pretty good, but I'm sure there are others out there.
Finally, network with other linux techs, whether it's through user groups, training, or some other means. It's a strong argument in favor of in-person training, just because you cant network as well during online or teleconference-style classes. Oh, one other thing -- be sure to explain to your superiors that "putzing around on slashdot" == "hard at work". Good luck!
Now, if it were listed as "Important News Stories That Are Not Being Followed Through On"...then we got ourselves a list my friend.
But the title alone makes it seem like the US government is pulling these stories and saying they can't be run at all...which isn't the case.
How about "Important stories that our major news outlets are burying on the back page of the paper and on cnn tickers, but it's a complete coincidence that these just happen to be stories that the administration would like to keep quiet". That better? Really, at what point does burying a story" not equate to censorship?
I'd be pretty pissed if my ISP all of a sudden decided to limit what ports I can use.
True, but there's a huge difference between enterprise network administration and servie provider administration. While there are most likely more spam zombies on the high-speed home networks, enterprise networks that are poorly administerd give the virus writers|spammers a significant number of machines with craploads of bandwidth. I just hope SPF isn't viewed by server and firewall admins as a further excuse for their laziness. Of course, if they've been AFU all this time I doubt it's going to make a difference:)
Just curious, is it ok for every *nixboxen on the network to send SMTP?
Of course not, the principle of least privilege applies. I just haven't seen too many viral infections for *n*x systems that turn the victim machine into spam zombies, thus my reference to w32 machines.
He never said the infected mail was coming from *his* network. It could come from any schmuck that has both their addresses in their addressbook.
I understand that, thus my approval of SPF. My general, all-purpose no-frills mini-rant is about the number of networks where every host (read that, potential spambot) on the network is allowed to send smtp outgoing. It's not a dig on SPF, rather a dig on networks where every windowsboxen on the network can kick spam out because of management or sysadmin incompetence.
An SPF enabled mail server would reject emails with spoofed headers, and so my friends (victims) will not see the infected email with *my* email address.
Don't get me wrong, I approve of SPF, but here's my gripe from a best practice point of view. If you're capable of identifying the mail server(s) authorized to send mail from your network and publishing SPF records, why are you letting other hosts send SMTP out of your network at all?
Rote reading from of a incomplete trouble shooting guide does not replace expert knowledge.
Thank you for pointing out that the language barrier isn't the only problem here. My primary frustration with Dell's tech support hasn't been the language barrier so much as it's been the technical proficiency or lack thereof. Plus, it's an insult to one's intelligence when you talk to three different techs in Bangalore and they all introduce themselves as "Bob", "Ralph", and "Andy".
What's really sad is, when Dell did their tech support in house they had some awesome people on their staff, people who could walk you through taking a precision apart and putting it back together including telling you where on the motherboard things were located. Now? Not so much.
Slashdot Mirror
The fact that the post is somewhat anti-linux doesn't make it a troll, agreed. It has little to do with the release of Suse 9.2, so it is by definition off topic. What makes it a troll though is the signal to noise ratio. Read the parent again, it's just a copy and paste of a news article along with the link to businessweek. No additional commentary, no effort to conduct intelligent conversation, and no intention of responding to any replies. He's just posting copied text that is likely to generate controversy for the sake of generating controversy, while putting minimal effort into any actual dialogue.
That would be a troll.
I have to seriously question the wisdom of anyone who uses a public kiosk with the expectation of privacy, not to mention the system administrators of kiosks who would a) install such an app or b) have the boxes set up in such a way that the public could install it.
I'm more professional and user-friendly when I deal with my customers/co-workers, but not by much. I deal with people like you and the parent poster on a regular basis, and they/you tend to have a few traits in common. They're all impatient, and they all have inflated opinions of their technical knowledge and their worth to the organization. Ask yourself which is worse: you being inconvenienced and therefore semi-productive for a few hours to a few days, or an incident that leaves you and your 2000 coworkers non-productive for a few hours to a day? There is no security measure that doesn't in some way inconvenience users, and someone always bitches. But people like you bitch about security emasures, then they bitch even more when a worm knocks your entire network offline.
Bottom line, if you're not responsible for the security and uptime of your network, you have an obligation to comply with the policies of the people who are. Deal with it.
There are two major problems with Firefox. The first is introperability: Let's face it, there's a lot of crap out there that we have to support that doesn't run on Firefox. Second, Firefox isn't read for enterprise management yet. IE can be configured via group policy and it can be quickly patched via SMS or SUS. How do I patch 2000 machines for a firefox vulnerability overnight with no user interaction?
In the scenario you've described, the admins can at least show that they exercised due care and mitigated the security risks as much as they could. If the admins let you administer your machine and you down the network guess what -- they're still responsible.
Not only are you one of the stupid users, you're among the worst. If you're done whining and thinking like an end user, crack open a book and read up on information security and the principle of least privilege. Just because you lack the planning and communication skills necessary to identify applications you need installed before it becomes an emergency doesn't mean your IT staff should endanger your entire network because of you. And before you open your piehole to argue with me, yes. That's exactly what you're asking them to do.
Based on your attitude I'd suggest you do yourself and your coworkers a favor: find another line of work. One that doesn't involve technology more complex than sticks and stones.
He likes us. And He wants us to be happy.
What Cliff understands and you don't is that effectiveness is only half the requirement for forensics tools. Such tools also have to be accepted by the court, either through legal precedent or through expert testimony. Expert testimony involves either paying someone with degrees and credentials out the ass to back up your forensic methods (not cheap) or qualifying you the examiner as an expert witness (may not work, also takes time which leads to more legal fees, not cheap).
More importantly, a forensic kit needs to include the ability to quickly view multiple file types. One investigation can easily involve stacks of floppies, CD's, and SD cards as well as a laptop hard drive and desktop hard drive. Scripted searches are great, but those results need to be easily indexed and viewed through a multi-format file viewer or you won't be able to generate timely analyses.
Don't get me wrong. I'd love to see linux forensics tools admitted in court, but what you're talking about is writing your own toolkit from scratch, not pencil whipping a few scripts. Why would you go to that much trouble when you could just use encase or FTK and know that your evidence will be admitted?
He would of course be an expert on staged production, considering that Diebold landed its first customers based on staged demos. In fact, reading about Diebold was the first time I'd encountered the term "slideware" - software that exists only in the form of presentation slides.
ISC has published a scanner to identify vulnerable files. Has both a GUI and a command line option. Use a little creative scripting and you can use this to find vulnerable hosts on your network. Patch early, patch often...
What google would do well to remember is that human beings are creatures of habit, and they won't jump ship without a reason. Right now people are flocking to firefox for their windows web browsing needs because mozilla presented something they didn't have, security. While google's branding and high visibility will no doubt help them get their browser out there, they also need to present their browser as having something that neither firefox nor IE have. IE lacks security, customizability, and compactness, but it can be managed across the board by tools such as group policy. It can also be patched across an enterprise with tools like SUS. Firefox brings security and customizability to the table, but it isn't yet manageable in an enterprise network. Firefox also can't handle Microsoft-specific technologies such as activeX. Were google to bring all of the above to the table, it would be a formidable browser indeed.
I give it a month before FlexEstaff gets a C&D letter from priceline. AFAIK, priceline has just about every form of reverse bidding patented, and I'm willing to bet that the eShift software could be construed as violating their IP. Just another example of how AFU the IP laws are...
That's true. My hope is that things play out exactly like that so they not only have to jump from one hosting provider to another, but they also have to jump from one domain to another.
Once sph gets a large enough install base, the spammers will need to find another way to convince victims to open their email. My prediction is that we'll see more mail from yah00.com, a0l.com, ao1.com, etc. All a spammer has to do is get a domain like that registered and publish an SPF record for it and they'll be able to continue their operation. It does make them work harder though, and it pretty much negates the usefulness of trojans that turn infected machines into a spambots.
is not on where to get your training, but what to do before you start it. First, find out (if you don't know already) what distro your company is standardizing on, and make sure your training is geared towards it. You're going to suffer from infromation overload as it is, so there's no sense in going to suse-based training and learning yast if you'll be using red hat.
Second, identify the tasks you do as a windows sysadmin, and come up with a list. The more the merrier. Keep that handy while you're learning, and don't let your training end without learning how to accomplish those tasks in a linux environment. Don't settle for the gui way either. You'll save yourself a lot of time and work in the long run if you learn the command line and some shell scripting, plus you'll make yourself more valuable to your organization.
Also, get your company to get you a subscription to one or more linux sysadmin-oriented publications. Sysadmin mag is pretty good, but I'm sure there are others out there.
Finally, network with other linux techs, whether it's through user groups, training, or some other means. It's a strong argument in favor of in-person training, just because you cant network as well during online or teleconference-style classes. Oh, one other thing -- be sure to explain to your superiors that "putzing around on slashdot" == "hard at work". Good luck!
What's really sad is, when Dell did their tech support in house they had some awesome people on their staff, people who could walk you through taking a precision apart and putting it back together including telling you where on the motherboard things were located. Now? Not so much.