I cannot agree more, however you have to remember that when you are out to get 100,000 infected machines what does it matter if you totally destroy 10,000 of them, you are still making a profit.
The hackers don't really have to worry about reliability. Oh and I feel your pain on upgrades I am working on a rollout of office 2003, what a pain. If only you could hand out a cd and say "Here install this" and not have 98% of the users give you a blank look.
Does anyone here know where to get a nice looking digital watch, I have looked forever for a watch with a nice metal band that is digital. I don't like the ones that stretch to fit over your had as they are very 80's, maybe one that is a bi or tri-fold.
I think a company could make a fortune selling these to geeks who like percise time and need a watch that looks good. The only one I have ever found is http://www.thinkgeek.com/gadgets/watches/72bb/ and it is way to expensive and has much more than I would want in a watch. I need time and date.
I have done some checking and they look good for the most part, when I checked some of their ip's out I didn't see any major RBL's listing them. As long as they have a stable connection I am normally good since I run my own mail, apache, mysql, and dns servers.
I still have more to check on (Policies, what happens if hardware dies, turnaround time, etc) before I decide where to go.
The one I am looking to move to is http://www.colopronto.com/ I know I ran across a couple of others on google but I don't remember the sites. Now I have not used the service I just mentioned so do your research, my server is currently with RackSpace.com and I am paying $225/month for a dedicated server. As soon as my rackspace contract is up I am going to switch to a co-located server.
Also while your at it, make sure to buy your own domain and use that for your email, domains are almost free these days. So when the campus shuts off your access and throughs you off the grounds your backups won't do you much good when nobody reconizes your email address when you try to contact them again.
Your online identity is precious, most of the people I know online I know mostly by their email address, if someone shows up anouncing some great story about losing their email address and they really are who they say they are and can we continue where we left off with such and such big deal we were working on I would really hesitate and have to work my trust back up again.
I am not sure that the server logs are going to help you, as said otherwise in this thread if you are not friendly to a mobile browser then you won't have the users.
I think the better question would be, how valuable would your site be to people on the go that are not in front of a computer? If you have a mostly informational site then I wouldn't convert if possible. However if you have a service to find the nearest coffee shop, see stock prices in real-time, or bid on a auction then having your site mobile friendly would be a great idea.
Of course we all know that you will have to do it because your PHB wants to be able to browse the site on his handheld, like he ever would anyways right?
I have been looking around for a co-located server the last month or so and have found a couple that looked decent for about $30/month, if you are running your own hardware anyways what is to stop you from doing a co-locate? All you have to do is sell hosting for a couple of websites to some friends/family and that will pay for the server from month-to-month.
Doing that will get you uber bandwidth and you won't have to worry about port blocking.
If you have the ability and it is not costing you much or anything host your own.
I hosted my stuff at my previous employers and it worked great for a couple of years and then our relationship turned sour overnight and I lost about 3 years of work, I had backups but most of them were where I worked, what I did have backups of on my own was outdated etc.
Running your server is more than warm fuzzies, you can do what you want without anyone looking over your shoulder, plus the experience you gain from it could very well be stuff that could be used on a resume or talked about during a job interview. Much of what landed my current job came from the fact I was my own server admin.
I have always said that I would rather have a virus on my machine than an anti-virus.
I may get a virus that causes some troubles once every couple of years but most of them are pretty easy to remove and if they are not then I just re-install my machine and go happily along again.
However it seems with almost all of the anti-virus products your computer runs slow all the time and you get some nice random lockups when the anti-virus is scanning stupid stuff like a print job and then crashes your printer subsystem, or a new virus signiture that keeps your computer from shutting off correctly, or a new update that just hoses your install.
My advice for most people:
Use a computer with a private IP address behind a firewall, dsl router, etc.
Keep your updates/patches done
Only use an email service that does good server side virus scanning
Don't do stupid stuff, a little common sense goes a long way
Re:How would it have helped Mitnick?
on
Mitnick on OSS
·
· Score: 1, Interesting
Of course it takes alot more guts to try some of this stuff for real, when you know if you get caught you can get out because you were allowed to try and get around the system you can try much more risky stuff.
I guess that is the difference between actual interaction with the users like shipping a tape or walking into a data center as opposed to sending out a mass email phishing for info. You can get caught either way but tracking down a few fake email address' with bad contact info etc is way harder than the security guard just walking you into a room and locking you in until they get some real police there.
Re:How would it have helped Mitnick?
on
Mitnick on OSS
·
· Score: 2, Interesting
I have often said it is easier to just ask for a password then try and get it brute-force. The same could be said for most any computer security.
I have walked into data centers and gotten let into the server rooms by security without showing any ID, or having an appointment, or even knowing anyone in the building. I could have destroyed a couple million dollars of equipment, put a server under my arm, and waived at the security guard at the front door and they would have just waived back.
Point being, if you want into a network why waste the time going though code looking for vunerbilities or trying to brute force your way in somewhere, just submit a patch with a backdoor or ask for the password. Many times you will probably get in.
As a sidenote, the data center I mentioned above I was authorized to be in there doing work just nobody there knew that. And I am not a cracker, I do work a good bit in computer security though which means testing the systems I put in place.
Re:Securing Open Source Code
on
Mitnick on OSS
·
· Score: 1, Insightful
I agree completely with the parent post. Also I know when I work on any open source projects I make double sure that my code looks right and that I didn't do something stupid because I don't want to get torn apart on a mailling list of my peers.
Also when working on open source it may not be so much that other people are looking over your code for bugs, but that someone might be looking over your code for bugs. I don't know many programmers who like to get shown up on their abilities.
However when working on closed source you tend to just get it working, meet the deadline, and get on with life. Most times you don't have someone looking over your shoulder at each line of code.
You know, I had never thought about the moon being made of cheese in that way, does that mean that the moon is a vacation get-away for the true rulers of earth?
I know the excuse for the time always seems to be so they can completely test their fix. However I have a good majority of my machines that run windows that cannot do windows updates. Every time I do a windows update I cannot boot the computer again without doing a system restore to get rid of the update.
Now I know that Microsoft cannot be perfect but I don't think it is going to take them that much time to test and if it did I wouldn't think we would have to be so scared of installing a patch on a server in case it crashes it.
When I read that headline it sounded like a trailer I wouldn't be surprised to see.
Spielberg, the director of many award winning movies has beautifully recreated the geek's debate over DRM, DVD encryption, and the Linux verses Windows debate in his new movie he directed... BITTEN by DVD Encryption **Shriek**
Is there going to be any kind of reward for finding the Star dust? Also was there any mention as to how rare it would be to find dust in an image, like would there be dust in 1 out of 100 or 1 out of 100,000? If I had a decent chance of finding a piece of dust and then being able to track it as the analyze it to find out the origin I would be more likely to do it, kind of like finding and adopting your own experiment.
In playing around with different filesystems Reiser seemed to work the best, for the amount of files it seemed to be the most stable (1,000,000 files per drive). Also I was using Reiser V3 which I have heard is not as processor intensive.
Something that I always found to be interesting while working as a contractor at different universities is that I have been routinly given higher access than the Dean's or the President of the university. Now I would never use the access for anything that I did not actually need to get the job done but that seems odd that that kind of access would be granted to a complete outsider of the system.
I am always surprised when I go into companies to see the old equipment they are running. It is not unusual to find a machine in the 500 mhz range with an ide raid controller to hold a few hundred gig's of space. Not everyone has the budget for the newest and greatest and not everyone has to have the processing speed. Many people are running fileservers that store a ton of info but don't actually process anything.
I had 3 Squid cache servers that I run off from pretty old cheap hardware using Reiser and I found the best way to work it was to have 4 or 5 drives for the cache for best performance, reiser worked great but on the older equipment they had trouble with concurrent open files etc. By adding more drives I could have a lower end PIII handling 2,000 - 3,000 open files at a time, pretty impressive I would say.
Shouldn't we prove that alternate dimentions exist before we try building a craft that can slip into them. Anyone care to remember when Gorden Freeman tried some of this stuff in the anonalmus materials lab?
After reading the article I am confused as to how you would test such a thing? Do you build a super ship, arm it with a magnet that will probably draw the moon into the earth and then blast off into space going faster than your body can handle thus exploding?
Slashdot Mirror
I cannot agree more, however you have to remember that when you are out to get 100,000 infected machines what does it matter if you totally destroy 10,000 of them, you are still making a profit.
The hackers don't really have to worry about reliability. Oh and I feel your pain on upgrades I am working on a rollout of office 2003, what a pain. If only you could hand out a cd and say "Here install this" and not have 98% of the users give you a blank look.
Does anyone here know where to get a nice looking digital watch, I have looked forever for a watch with a nice metal band that is digital. I don't like the ones that stretch to fit over your had as they are very 80's, maybe one that is a bi or tri-fold.
I think a company could make a fortune selling these to geeks who like percise time and need a watch that looks good. The only one I have ever found is http://www.thinkgeek.com/gadgets/watches/72bb/ and it is way to expensive and has much more than I would want in a watch. I need time and date.
I have done some checking and they look good for the most part, when I checked some of their ip's out I didn't see any major RBL's listing them. As long as they have a stable connection I am normally good since I run my own mail, apache, mysql, and dns servers. I still have more to check on (Policies, what happens if hardware dies, turnaround time, etc) before I decide where to go.
The one I am looking to move to is http://www.colopronto.com/ I know I ran across a couple of others on google but I don't remember the sites. Now I have not used the service I just mentioned so do your research, my server is currently with RackSpace.com and I am paying $225/month for a dedicated server. As soon as my rackspace contract is up I am going to switch to a co-located server.
Also while your at it, make sure to buy your own domain and use that for your email, domains are almost free these days. So when the campus shuts off your access and throughs you off the grounds your backups won't do you much good when nobody reconizes your email address when you try to contact them again.
Your online identity is precious, most of the people I know online I know mostly by their email address, if someone shows up anouncing some great story about losing their email address and they really are who they say they are and can we continue where we left off with such and such big deal we were working on I would really hesitate and have to work my trust back up again.
I am not sure that the server logs are going to help you, as said otherwise in this thread if you are not friendly to a mobile browser then you won't have the users.
I think the better question would be, how valuable would your site be to people on the go that are not in front of a computer? If you have a mostly informational site then I wouldn't convert if possible. However if you have a service to find the nearest coffee shop, see stock prices in real-time, or bid on a auction then having your site mobile friendly would be a great idea.
Of course we all know that you will have to do it because your PHB wants to be able to browse the site on his handheld, like he ever would anyways right?
I have been looking around for a co-located server the last month or so and have found a couple that looked decent for about $30/month, if you are running your own hardware anyways what is to stop you from doing a co-locate? All you have to do is sell hosting for a couple of websites to some friends/family and that will pay for the server from month-to-month.
Doing that will get you uber bandwidth and you won't have to worry about port blocking.
If you have the ability and it is not costing you much or anything host your own.
I hosted my stuff at my previous employers and it worked great for a couple of years and then our relationship turned sour overnight and I lost about 3 years of work, I had backups but most of them were where I worked, what I did have backups of on my own was outdated etc.
Running your server is more than warm fuzzies, you can do what you want without anyone looking over your shoulder, plus the experience you gain from it could very well be stuff that could be used on a resume or talked about during a job interview. Much of what landed my current job came from the fact I was my own server admin.
I may get a virus that causes some troubles once every couple of years but most of them are pretty easy to remove and if they are not then I just re-install my machine and go happily along again.
However it seems with almost all of the anti-virus products your computer runs slow all the time and you get some nice random lockups when the anti-virus is scanning stupid stuff like a print job and then crashes your printer subsystem, or a new virus signiture that keeps your computer from shutting off correctly, or a new update that just hoses your install.
My advice for most people:
Of course it takes alot more guts to try some of this stuff for real, when you know if you get caught you can get out because you were allowed to try and get around the system you can try much more risky stuff.
I guess that is the difference between actual interaction with the users like shipping a tape or walking into a data center as opposed to sending out a mass email phishing for info. You can get caught either way but tracking down a few fake email address' with bad contact info etc is way harder than the security guard just walking you into a room and locking you in until they get some real police there.
I have often said it is easier to just ask for a password then try and get it brute-force. The same could be said for most any computer security.
I have walked into data centers and gotten let into the server rooms by security without showing any ID, or having an appointment, or even knowing anyone in the building. I could have destroyed a couple million dollars of equipment, put a server under my arm, and waived at the security guard at the front door and they would have just waived back.
Point being, if you want into a network why waste the time going though code looking for vunerbilities or trying to brute force your way in somewhere, just submit a patch with a backdoor or ask for the password. Many times you will probably get in.
As a sidenote, the data center I mentioned above I was authorized to be in there doing work just nobody there knew that. And I am not a cracker, I do work a good bit in computer security though which means testing the systems I put in place.
I agree completely with the parent post. Also I know when I work on any open source projects I make double sure that my code looks right and that I didn't do something stupid because I don't want to get torn apart on a mailling list of my peers.
Also when working on open source it may not be so much that other people are looking over your code for bugs, but that someone might be looking over your code for bugs. I don't know many programmers who like to get shown up on their abilities.
However when working on closed source you tend to just get it working, meet the deadline, and get on with life. Most times you don't have someone looking over your shoulder at each line of code.
You know, I had never thought about the moon being made of cheese in that way, does that mean that the moon is a vacation get-away for the true rulers of earth?
You want to take that up with the mice? We all know they are the ones that had Earth built in the first place.
I know the excuse for the time always seems to be so they can completely test their fix. However I have a good majority of my machines that run windows that cannot do windows updates. Every time I do a windows update I cannot boot the computer again without doing a system restore to get rid of the update.
Now I know that Microsoft cannot be perfect but I don't think it is going to take them that much time to test and if it did I wouldn't think we would have to be so scared of installing a patch on a server in case it crashes it.
When I read that headline it sounded like a trailer I wouldn't be surprised to see. Spielberg, the director of many award winning movies has beautifully recreated the geek's debate over DRM, DVD encryption, and the Linux verses Windows debate in his new movie he directed... BITTEN by DVD Encryption **Shriek**
Is there going to be any kind of reward for finding the Star dust? Also was there any mention as to how rare it would be to find dust in an image, like would there be dust in 1 out of 100 or 1 out of 100,000? If I had a decent chance of finding a piece of dust and then being able to track it as the analyze it to find out the origin I would be more likely to do it, kind of like finding and adopting your own experiment.
In playing around with different filesystems Reiser seemed to work the best, for the amount of files it seemed to be the most stable (1,000,000 files per drive). Also I was using Reiser V3 which I have heard is not as processor intensive.
You must be getting used to seeing things on Digg, remember the slashdot slogen, News for Nerds, Stuff thats Old
Something that I always found to be interesting while working as a contractor at different universities is that I have been routinly given higher access than the Dean's or the President of the university. Now I would never use the access for anything that I did not actually need to get the job done but that seems odd that that kind of access would be granted to a complete outsider of the system.
I am always surprised when I go into companies to see the old equipment they are running. It is not unusual to find a machine in the 500 mhz range with an ide raid controller to hold a few hundred gig's of space. Not everyone has the budget for the newest and greatest and not everyone has to have the processing speed. Many people are running fileservers that store a ton of info but don't actually process anything.
I had 3 Squid cache servers that I run off from pretty old cheap hardware using Reiser and I found the best way to work it was to have 4 or 5 drives for the cache for best performance, reiser worked great but on the older equipment they had trouble with concurrent open files etc. By adding more drives I could have a lower end PIII handling 2,000 - 3,000 open files at a time, pretty impressive I would say.
Shouldn't we prove that alternate dimentions exist before we try building a craft that can slip into them. Anyone care to remember when Gorden Freeman tried some of this stuff in the anonalmus materials lab?
After reading the article I am confused as to how you would test such a thing? Do you build a super ship, arm it with a magnet that will probably draw the moon into the earth and then blast off into space going faster than your body can handle thus exploding?
First Post!