---Forensics people sometimes use special hardware that makes it physically impossible to modify the original image (i.e. read only in hardware), then do a bit by bit copy. Then it's very easy to say, "There's no way this data could have been modified on the original drive".
Hey, my boss isnt here, so I can give you the reduced rate on non-writing IDE hardware so you too can perform advanced forensics. The hardware is only $99.95 and you're given 3 cables*** for this patented circuit board.
***The circuit board does nothing. The IDE cables have the write lines clipped;P
On my Belkin 128 MB usb dongle, I have a little jumper-slider (like seen on matrox video cards). This is a chip-based write-protect. Takes a paperclip to do, but your data isnt changeable in the least.
And you bring upon yet another MUCH MORE important fact about the Internet, and your connection in particular...
Why are you paying for upload bandwidth? You can control downloads, not uploads. And also, why dont you have a basic shell account with procmail filters? Procmail on your mailservers cut a lot of crap if configured right. Simply deleting all mails with incorrect send-to: field kills much spam.
---Because the right to Free Speech (in the US) specifically protects political speech. The KKK, as horrible as it is, is engaging in political dialogue, and it's important for the proper functioning of democracy that political dialogue be protected. And, in particular, it's only unpopular political speech requires active protection.
---Spammers, on the other hand, are simply bugging people to sell them stuff. That's not protected speech.
Have you ever seen a filibuster in Senate? That's when there's slim majority to vote on a bill, but not enough to stop people from taking the podium.. The actual filibuster is when the senators read from long books. The phone book is common, but about 10 or so years ago, another book was much more common: Sears Roebuck Catalog.
Is this political speech, or is it commerical?
Or how about somebody actively saying how good a product is. And they do this at the state fair, so that your comment goes through the airwaves.
Is this political speech, or commerical speech (Assuming this was an honest opinion with no money transferring hands)?
Or the other group of spammers that the government supports... Snail mail spam. Credit card offers, repair offers, "Checks" that grant you a loan if cashed, items with threats attached threatening your credit if you dont send money or item back....
Yeah, the companies spend money on this, but so what? It's still bulk that fills mailboxes. And it's NOT digitally preprossable to stop junk.
Or even the CAN-SPAM law itself.. It explicitly ALLOWS politicians and political surveys to still solicit. Yes, they are ABOVE THE LAW. Why?
Ok, Xen seems to be a OS maintainer.. sort of like what resides on the real OS of the Z series mainframes that IBM sells.
Ok, a free beer to anyone who can explain why this is different than a Roothost as Linux-uml with NSA security, and spawns via a script to copy kernel images and set up disk slices as partitions?
Xen is some 3'rd party stuff, and UML is aready in 2.6 by default. All you need to do is a "make menuconfig arch=um" to initiate... And you have built-in quota by way of partition-files and possible access by root filesystem via loopback.
--Ah ok, this is a misunderstanding then. Most of what I would refer to as "support" is either being defered (after all your time is expensive, so your clients don't contact you unless they NEED you) or isn't being done at all (e.g. your comment, "who wants to pay to have every possible hole patched up to complete").
Tis just a misunderstanding of what we understand as support. Though, dont get me wrong, I do keep track of what servers and crucial programs my clients run, just in case there are serious bugs or remote holes abound. If there is a remote root exploit, I'd call and mail them about a. problem just recently announced. Then I'd either patch it or close it down until there's a solution.
The exception is if it's an internal network only problem... thus my statement about every hole. If there's a hole for a legit user to escalate to higher permissions, I'll let the client know, but the business I work for usually hire good friends or family. I also stress a backup system (even DVD's if they're cheap). It might take 2 hours (100$) to fix it, but it's just not viewed as a problem in some shops.
---Being a consultant makes a world of difference. Sure, you can sell support for 1000 machines, but that's very different from being the IT staff in a company with 1000 machines. VERY different.
I still take care of each machine.. I stay proactive on what computer is where, and what software they're running. It's one thing hearing from a client that "program X" has a serious bug.. I'd rather tell them that before they hear anywhere, and have it fixed (err.. the service stopped at least) by the time they do hear about it.
Though, I still have a problem in some places.. I havent figured a cheap solution on how to back up all the desktop machines relatively cheaply. Every solution ends up at least 1 TiB... and that's with compression.
---Still, offering support for 1000 end-users is no small task, and my hat's off to you.
Thank you for the compliment, but most of my servers are mainly set once, run forever. I always sell about 4x the amount of storage mainly for obsclescence protection and prevention of downtime at a later date.
One client did want a dual computer setup.. I ended up using drbd on that. 2 computers, that monitor each other, whilst duplicatig everything is a wonderful showoff. I, as a demo, set them up, had a workstation download some 500 MB file from the server, and then unplugged it from the wall. The download kept on chugging;-) In that setup, I plan for that setup to die sometime in the next 7-10 years.. raid 1+0, dual network crossover(cable) cards, each has 100 mb network access, and serial crossover (For the heartbeat). It was sort of a pain to setup, but is now super smooth, which equals a happy crawler;-)
---I'm sorry, I just don't buy that. If you mean that you can support one aspect of running those machines, sure, but you're doing it all?
Well, I do most of it, and yes, I sometimes hire somebody in if I get a rush of requests. And actually, it's closer to 900 machines, including the servers.
---How do you have enough time to dedicate to security updates (and response to any security problems),
Actually, in the wild, there's not nearly as much security problems as many "analysts" believe. Security holes, Im sure there's some, but who wants to pay to have every possible hole patched up to complete? It costs too much, even if you use commodity hardware.
And how I dedicate time for patchhing? I keep a simple MySQL database of every machine, version of OS, version numbers, and programs. On non-standard hardware (ones not included with windows disk, or in linux kernel), version numbers along with those. When I see a "security exploit", I just do a query for the software and version(s) expoitable.
Malicious hackers also use this very same MySQL-like orginization of system data. If you scan machines with NMAP, and enter data into a DB mapping output port data, and version number of server (if it tells), you can insta-crack when the new 0-day exploit comes out. All you do is query, and 'click'.
---external complaints,
External complaints? Im a consultant, who drives to the location of where my "employer of the day" is. Usually, they give me basic data on what they want, and I charge for record-keeping time and maintainence time.
---administrative requests,
Phone, IM, email, or in person.
---new users
Not hard. They send me an email, and I can usually set up users remotely, as long as it's a default user with no "special" permissions. Then I'd have to go on-site.
---and hardware, MTBF replacements,
Thats why I stress getting better quality hardware. I charge 50$ an hour, which is on the low end, but I'm happy with it. I simply say, if cheap hardware fails, it's going to cost this much in time, which is usually more expensive than buying better componentry.
In fact, I was able to sell scsi cards, 7krpm drives, and usb floppy drives to one small corporation. My main point are the drives will last for 5 years, and will run reliably. Floppy drives, as I explained, are usually made cheap, hold little, and the disks transfer dirt, which usually kills the drives quite rapidly. USB based drives allow you to buy a new drive, if it fails, and plug it in. They even have a stock of 5 drives when they fail. It's simply "plug n go".
---user questions, new software install requests, expansion of physical space and networks, physical upgrades, and the inevitable development of tools and small software?
Phone, IM, email, in person. That and all, do you know how "hard" it is to double the computer network when there's already a whopping 4 machines on it? It's not like you need 10gig networking with fiberscsi drives... Many places use a basic corporate DSL plan for their internet connection. 384/128 is what most have. Some have more, and one even still uses a modem uplink. They dont need any faster.
You seem to think I work for a big megacorp or something. I dont. I dont even work for a big consulting outfit. Who I handle, and maintain for technology are the small businesses and home users who either cannot afford a 15k/year -like contracts, or excessive costs for simple requests. There's a company here when I work who charge 150$ for spyware removal. They're also known to pad the bill heavily by putting upgrades in the machine, then charging and saying you "NEED THIS". Very unethical, imho.
---Over 1000 systems? On top of that, you don't have 1000 machines in a vacuum. There must be some corporate, government or educational body that purchased all of those boxes, and there's going to be beauracratic and technical interaction with the organization, other networks and systems within it, etc.
I can say for certain, that I can maintain 1000 desktop systems by myself, and about 50 servers that um.. serve;-) those desktops.
Most problems these days are simple stupid problems.. Software not configured correctly, stuff not plugged in, drivers not installed and malicious programs interfering with work.
Servers, once configured correctly, can be (almost) set and forget. I nsa-secure my Linux servers to prevent priviledge esclation from root, set up UML hosts for insecure programs that need consistant monitoring (from the host OS, of course), and generally make it a pain to change things that matter. I also keep well documented profiles about every system that I maintain, and can easily revert to earlier config files (I map all conf files to/etc, and back them up to cdrom).
When root is god, and you need to go to the business locally for pr reasons, why not lock everything except local console out of "Dangerous" stuff?
Is my system hackery? Nope. Simple, clean cut Linux and Windows solutions, though Windows is less secure and less reliable.
"The cost/benefit ratio increases dramatically, along with exponentially increasing time to deployment, in that our competitors have a much increased chance of overtaking our solutions.
My suggestion is that we freeze features for a specified version, and branch our software when we feel that our profit margin is maxed. This would guarantee that we would force our customers to upgrade on our cycle, thus guaranteeing future profits."
I'm a network engineer in the consulting "business". In order to maintain contracts, you have to do the talk, and speak the language. Money and time are all that matter.
---Well, he's also asking a large group of people who are more likely to be using a paid service and have experiences with the user end and/or be admins for pay-per-play wifi companies.
DO you think media companies hand out demographic data for free? Or do consulters give free, and good, advice?
If you do something for free, many, many people will be willing to help you one way or another. Hence why the GNU and similar licenses get off the ground: Socialism.
"If you might, even in the most remote sense, help me, I'll help you to further our goals." is the basis of how Socialism can work. For information (code and intelligence), there is no real "price" on the words. There are for tangible objects, but not virtualized abstracts. In terms of Open Source, information is seen as "equal": equal in value.
Simply put, this project can be done in Open Source, though I'd have to think about implementing a timer with my ideal setup (for billing purposes). Ask yourself this.. Is it worth your time trying to figure out open source if it can do this, or Pay a consultant, or buy commerical hardware/software and hope for the best?
Slashdot Mirror
What is the 19215'th article's 7'th paragraph, 9'th word and what was it reffering to?
*recalls old 486 based ad&d games with page/paragraph/word anti-piracy.
Well, I've not had any individual scsi devices I needed to protect (as in forensics). Most of my cases are IDE devices, though I do sell scsi devices.
;( I'm sure there's some open-source scsi guy who has them..
The only source I can find at the moment is the SCSI spec sheets that require payola
---Forensics people sometimes use special hardware that makes it physically impossible to modify the original image (i.e. read only in hardware), then do a bit by bit copy. Then it's very easy to say, "There's no way this data could have been modified on the original drive".
;P
Hey, my boss isnt here, so I can give you the reduced rate on non-writing IDE hardware so you too can perform advanced forensics. The hardware is only $99.95 and you're given 3 cables*** for this patented circuit board.
***The circuit board does nothing. The IDE cables have the write lines clipped
What about Plasma monitors and laptops ;P
Yeah, the same scam group's doing those items too.
You know.. An ALT+SYSRQ+S should also synch disks ;-)
On my Belkin 128 MB usb dongle, I have a little jumper-slider (like seen on matrox video cards). This is a chip-based write-protect. Takes a paperclip to do, but your data isnt changeable in the least.
Whoops. Shoulda reverted to RTFM'ing..
Btw, its sync on my setup. Im just on a windows box, whilst building a big raid set (on a linux machine).
In linux, doing "mount -o async /dev/ABCD /path/to/mount" should tell the kernel to immeidately flush this buffer to disk immediately.
This is the setting I use on my thumbdrives and floppes while using Linux.
I fail to find information about Windows asynch-like commands on storage devices.. though Sysinternals did create a WIndwos-like sync command.
And you bring upon yet another MUCH MORE important fact about the Internet, and your connection in particular...
Why are you paying for upload bandwidth? You can control downloads, not uploads. And also, why dont you have a basic shell account with procmail filters? Procmail on your mailservers cut a lot of crap if configured right. Simply deleting all mails with incorrect send-to: field kills much spam.
---Until the KKK tries to host a rally in my front lawn, I'll tolerate them and prosecute spammers all I want.
Have you ever witnissed a friend have a large burning cross placed in their lawn??
---Because the right to Free Speech (in the US) specifically protects political speech. The KKK, as horrible as it is, is engaging in political dialogue, and it's important for the proper functioning of democracy that political dialogue be protected. And, in particular, it's only unpopular political speech requires active protection.
---Spammers, on the other hand, are simply bugging people to sell them stuff. That's not protected speech.
Have you ever seen a filibuster in Senate? That's when there's slim majority to vote on a bill, but not enough to stop people from taking the podium.. The actual filibuster is when the senators read from long books. The phone book is common, but about 10 or so years ago, another book was much more common: Sears Roebuck Catalog.
Is this political speech, or is it commerical?
Or how about somebody actively saying how good a product is. And they do this at the state fair, so that your comment goes through the airwaves.
Is this political speech, or commerical speech (Assuming this was an honest opinion with no money transferring hands)?
Or the other group of spammers that the government supports... Snail mail spam. Credit card offers, repair offers, "Checks" that grant you a loan if cashed, items with threats attached threatening your credit if you dont send money or item back....
Yeah, the companies spend money on this, but so what? It's still bulk that fills mailboxes. And it's NOT digitally preprossable to stop junk.
Or even the CAN-SPAM law itself.. It explicitly ALLOWS politicians and political surveys to still solicit. Yes, they are ABOVE THE LAW. Why?
How is this flamebait? This is the truth.
I see a somewhat irreputable group.. making use of Free Speech.
KKK rallies are allowed to romp through cities, and the ACLU fights for them.
Black Pride groups also protest through towns.. Ditto the ACLU.
Considering what the KKK supports (death to Blacks, Catholics, and jews), and what spammers want (sell you stuff).. Why are we against spammers?
It's both speech. Why are both vehemently hated but only 1 is tolerated?
See? See everybody suing spammers, and now laws that make spamming criminal, or even jailing spammers???
I call this abberition of FREE SPEECH. I dont care if it IS commercial speech or individula speech, or "sole properitorship speech" or.....
This is SPEECH, and in the US, it should be FREE (with exceptions of calls to direct physical harm, or false and intentional cries for help).
Cursed be to the people who support Microsoft and/or are against spammers. They're only actively using their free speech right.
Are you certain it's faster when you have 1 linux OS with 600 MB per user (20 users)?
20 users on UML and 20 on Xen... which is faster???
Ok, Xen seems to be a OS maintainer.. sort of like what resides on the real OS of the Z series mainframes that IBM sells.
Ok, a free beer to anyone who can explain why this is different than a Roothost as Linux-uml with NSA security, and spawns via a script to copy kernel images and set up disk slices as partitions?
Xen is some 3'rd party stuff, and UML is aready in 2.6 by default. All you need to do is a "make menuconfig arch=um" to initiate... And you have built-in quota by way of partition-files and possible access by root filesystem via loopback.
Ok, why is Xen better?
Understand that money alone, is what drives management.
Then, time equals money.
Then you will succeed.
--Ah ok, this is a misunderstanding then. Most of what I would refer to as "support" is either being defered (after all your time is expensive, so your clients don't contact you unless they NEED you) or isn't being done at all (e.g. your comment, "who wants to pay to have every possible hole patched up to complete").
;-) In that setup, I plan for that setup to die sometime in the next 7-10 years.. raid 1+0, dual network crossover(cable) cards, each has 100 mb network access, and serial crossover (For the heartbeat). It was sort of a pain to setup, but is now super smooth, which equals a happy crawler ;-)
Tis just a misunderstanding of what we understand as support. Though, dont get me wrong, I do keep track of what servers and crucial programs my clients run, just in case there are serious bugs or remote holes abound. If there is a remote root exploit, I'd call and mail them about a. problem just recently announced. Then I'd either patch it or close it down until there's a solution.
The exception is if it's an internal network only problem... thus my statement about every hole. If there's a hole for a legit user to escalate to higher permissions, I'll let the client know, but the business I work for usually hire good friends or family. I also stress a backup system (even DVD's if they're cheap). It might take 2 hours (100$) to fix it, but it's just not viewed as a problem in some shops.
---Being a consultant makes a world of difference. Sure, you can sell support for 1000 machines, but that's very different from being the IT staff in a company with 1000 machines. VERY different.
I still take care of each machine.. I stay proactive on what computer is where, and what software they're running. It's one thing hearing from a client that "program X" has a serious bug.. I'd rather tell them that before they hear anywhere, and have it fixed (err.. the service stopped at least) by the time they do hear about it.
Though, I still have a problem in some places.. I havent figured a cheap solution on how to back up all the desktop machines relatively cheaply. Every solution ends up at least 1 TiB... and that's with compression.
---Still, offering support for 1000 end-users is no small task, and my hat's off to you.
Thank you for the compliment, but most of my servers are mainly set once, run forever. I always sell about 4x the amount of storage mainly for obsclescence protection and prevention of downtime at a later date.
One client did want a dual computer setup.. I ended up using drbd on that. 2 computers, that monitor each other, whilst duplicatig everything is a wonderful showoff. I, as a demo, set them up, had a workstation download some 500 MB file from the server, and then unplugged it from the wall. The download kept on chugging
---I'm sorry, I just don't buy that.
If you mean that you can support one aspect of running those machines, sure, but you're doing it all?
Well, I do most of it, and yes, I sometimes hire somebody in if I get a rush of requests. And actually, it's closer to 900 machines, including the servers.
---How do you have enough time to dedicate to security updates (and response to any security problems),
Actually, in the wild, there's not nearly as much security problems as many "analysts" believe. Security holes, Im sure there's some, but who wants to pay to have every possible hole patched up to complete? It costs too much, even if you use commodity hardware.
And how I dedicate time for patchhing? I keep a simple MySQL database of every machine, version of OS, version numbers, and programs. On non-standard hardware (ones not included with windows disk, or in linux kernel), version numbers along with those. When I see a "security exploit", I just do a query for the software and version(s) expoitable.
Malicious hackers also use this very same MySQL-like orginization of system data. If you scan machines with NMAP, and enter data into a DB mapping output port data, and version number of server (if it tells), you can insta-crack when the new 0-day exploit comes out. All you do is query, and 'click'.
---external complaints,
External complaints? Im a consultant, who drives to the location of where my "employer of the day" is. Usually, they give me basic data on what they want, and I charge for record-keeping time and maintainence time.
---administrative requests,
Phone, IM, email, or in person.
---new users
Not hard. They send me an email, and I can usually set up users remotely, as long as it's a default user with no "special" permissions. Then I'd have to go on-site.
---and hardware, MTBF replacements,
Thats why I stress getting better quality hardware. I charge 50$ an hour, which is on the low end, but I'm happy with it. I simply say, if cheap hardware fails, it's going to cost this much in time, which is usually more expensive than buying better componentry.
In fact, I was able to sell scsi cards, 7krpm drives, and usb floppy drives to one small corporation. My main point are the drives will last for 5 years, and will run reliably. Floppy drives, as I explained, are usually made cheap, hold little, and the disks transfer dirt, which usually kills the drives quite rapidly. USB based drives allow you to buy a new drive, if it fails, and plug it in. They even have a stock of 5 drives when they fail. It's simply "plug n go".
---user questions, new software install requests, expansion of physical space and networks, physical upgrades, and the inevitable development of tools and small software?
Phone, IM, email, in person. That and all, do you know how "hard" it is to double the computer network when there's already a whopping 4 machines on it? It's not like you need 10gig networking with fiberscsi drives... Many places use a basic corporate DSL plan for their internet connection. 384/128 is what most have. Some have more, and one even still uses a modem uplink. They dont need any faster.
You seem to think I work for a big megacorp or something. I dont. I dont even work for a big consulting outfit. Who I handle, and maintain for technology are the small businesses and home users who either cannot afford a 15k/year -like contracts, or excessive costs for simple requests. There's a company here when I work who charge 150$ for spyware removal. They're also known to pad the bill heavily by putting upgrades in the machine, then charging and saying you "NEED THIS". Very unethical, imho.
---Over 1000 systems? On top of that, you don't have 1000 machines in a vacuum. There must be some corporate, government or educational body that purchased all of those boxes, and there's going to be beauracratic and technical interaction with the organization, other networks and systems within it, etc.
My.
Or worse yet..
Have you seen the old Slashdot page lengthening posts?
Yes. 1 line license! OUCH
I can say for certain, that I can maintain 1000 desktop systems by myself, and about 50 servers that um.. serve ;-) those desktops.
/etc, and back them up to cdrom).
Most problems these days are simple stupid problems.. Software not configured correctly, stuff not plugged in, drivers not installed and malicious programs interfering with work.
Servers, once configured correctly, can be (almost) set and forget. I nsa-secure my Linux servers to prevent priviledge esclation from root, set up UML hosts for insecure programs that need consistant monitoring (from the host OS, of course), and generally make it a pain to change things that matter. I also keep well documented profiles about every system that I maintain, and can easily revert to earlier config files (I map all conf files to
When root is god, and you need to go to the business locally for pr reasons, why not lock everything except local console out of "Dangerous" stuff?
Is my system hackery? Nope. Simple, clean cut Linux and Windows solutions, though Windows is less secure and less reliable.
ANd Hari Seldon's equasions did not account for the inertial social mass change by the power of one person.
I can name a person who that would qualify under.. and the kernel's named after him.
You dont speak his language.
"The cost/benefit ratio increases dramatically, along with exponentially increasing time to deployment, in that our competitors have a much increased chance of overtaking our solutions.
My suggestion is that we freeze features for a specified version, and branch our software when we feel that our profit margin is maxed. This would guarantee that we would force our customers to upgrade on our cycle, thus guaranteeing future profits."
I'm a network engineer in the consulting "business". In order to maintain contracts, you have to do the talk, and speak the language. Money and time are all that matter.
---Well, he's also asking a large group of people who are more likely to be using a paid service and have experiences with the user end and/or be admins for pay-per-play wifi companies.
DO you think media companies hand out demographic data for free? Or do consulters give free, and good, advice?
If you do something for free, many, many people will be willing to help you one way or another. Hence why the GNU and similar licenses get off the ground: Socialism.
"If you might, even in the most remote sense, help me, I'll help you to further our goals." is the basis of how Socialism can work. For information (code and intelligence), there is no real "price" on the words. There are for tangible objects, but not virtualized abstracts. In terms of Open Source, information is seen as "equal": equal in value.
Simply put, this project can be done in Open Source, though I'd have to think about implementing a timer with my ideal setup (for billing purposes). Ask yourself this.. Is it worth your time trying to figure out open source if it can do this, or Pay a consultant, or buy commerical hardware/software and hope for the best?
That was also in the style of AD&D games. The wizards were more like sorcerors. Limited spells, but cast any from group.
And I can go into a very emotional state.. By the time the baseline was over, I'd have their data soo messed up.
It takes me usually 5 minutes to actively change my brain-state. And Ive went under poly and lied successfully. Tis not that hard.