that explains how he got the IMEI of his *STOLEN* mobile phone, duh!
The stickers come separate to the actual phone, in the cardboard box the phone comes in. I am not talking about the sticker that is attached to the phone (typically under the battery).
Using *#06#, noting the IMEI from under the battery or hiding a provided sticker on something that can't be stolen, are some things you are supposed to do *BEFORE* your phone gets stolen.
If I promised to learn the metric system and not be an arrogant asshole, you think you could hook me up with a job and help me immigrate from the US to Australia?
You might not like our arseholes. ; )
The work situation here is not all that great, either.
lol what are you a man-page writer for the openbsd project or something :P
; ) No, I just love OpenBSD. I like all the big free BSD's.
regardless, it sounds like you're contradicting yourself a bit. we both seem to agree that some man pages rock (like books, some more than others). and you say yourself you've got great openbsd books.
You said, "who needs books, when you have such fantastic man pages!?" Apparently you did.
I purchase BSD related books when they come out, to encourage the publishing of further BSD books to generally help the BSD projects. Seriously. By the time I get to finish the book, a newer version is out, or more importantly, more up to date man pages are waiting for me.
Computer text books normally get used for reference, manual pages should serve this well, OpenBSD's man pages do.
I have also tried to purchase every official OpenBSD CD set since 2.5 (when I first tried it), I've bought loads of shirts and I even made a donation of brand new hardware. That donation did not make it because the drive model specifically requested was end-of-lifed and I could not find it anywhere else.
For me, purchasing books is one way I can support them.
If the manpages have all that you need, why would you consider the books that you own great, rather than just a rehash of the manpages?
I don't need books, with these. But it can be nice to flake out in bed and read a book.
Clearly you have a reason for liking the book, or buying the book in the first place.
It is not a need though, just a want.
Also, a novice openbsd user may not even know what the man pages are, sad as that may be.
After you install OpenBSD (at least), you get a message about what is expected of you as a user. Including the usage of apropos to answer your own questions. If you downloaded OpenBSD, there is a good chance you read something along these lines at the OpenBSD web site and if you purchased a CD set, the insert tells you too. That is why the developers and users get upset on the mailing lists, when someone asks a question (without enough of the required details) which was asked and answered just recently perhaps.
in my experiences i've noticed that man pages of commercial software are typically much better than free software (open source or not)
I agree with this completely, if you take OpenBSD out of the running.
That's why I said, "Leave the commercial World behind".
Not to mention the fact that, however good OpenBSD may be, there simply aren't enough commercial authors on the subject to really promote competition and encourage authors to put out *QUALITY* books.
Have you read any of the books?
I have almost all of them.
One of them is very high quality, as far as grammar goes and all of them are very high quality as far as technical details go.
But, who needs books, when you have such fantastic man pages!? People used to complain that there was no documentation for OpenBSD, yet completely ignored the fantastic man pages.
I've read many books that say things like "Again, Microsoft, in their infinite wisdom, has decided to deviate from the norm and bastardize protocol X -- so this is how you get it to work the way it SHOULD work"...you're typically not going to get that from the same company releasing the product, commercial or free...
I agree with this about commercial software but not the free stuff.
OpenBSD is about true freedom. You are empowered with the extensive man pages, good FAQ's, mailing lists and the source. OpenBSD often gives various ways to do one thing, but most importantly, they don't bastardize anything, so they don't have anything to hide.
If you feel there is bias, you can always find an alternative view elsewhere on the net. But chances are, that if OpenBSD does something a particular way, off from the norm, there is usually a very good reason for it.
Cisco. At least a couple years ago; I haven't dealt with them much lately. But their TAC (Technical Assistance Center) was outstanding.
Fair enough.
Precisely. I wish everyone did their jobs competently. I also wish for world peace.
Me too. [sigh] I was looking at that pic of Earth from Mars and thinking, what the hell are we doing to ourselves and our planet. We are mostly blessed by our natural luck and yet completely cursed by ourselves.
From names like Novell, Microsoft and CA.
Aren't these companies all known to suck?
I thought CA was good, until I got to deal with them. I guess I was ignorant to that. Sorry carlivar, I'm feeling a bit upset with the shitty state of the IT industry and with what people are willing to just accept.
I, on the other hand, have seen some quite successful projects with companies like Sun and Cisco.
Well, you've made me feel good that there might be some good left in IT. When I saw DEC die and then the top quality of companies like HP slowly disappear, I wondered if the industry would ever recover from companies like Dell.
Watching the Alpha mostly stagnate has depressed me too. The other day I was looking at some Mathematica benchmarks and noticed the Alpha still doing well. A 1.25GHz Alpha doing almost as well as a 3GHz P4-B. A little 1GHz G4, did pretty well, looking at the machines around it.
They SHOULD be hiring a top gun of their own, paying him an absolute shitload to stay and make sure he is comfortable and happy.
I completely agree, but what SHOULD happen often doesn't. Humans in general just aren't too bright. And eventually you get sick of complaining, or searching for The Perfect Company to work for (near your house).
; )
BTW, do you think Sun will drop the UltraSPARC in favour of AMD's (I know they are going to sell AMD64 systems), since the AMD64's are going to have massive economies of scale, 64 bit and per page security in-CPU?
It seems to me that Sun, IBM, HP and SGI have happily competed with each other in the 64 bit workstation arena, knowing that it is a niche they can safely share, but now grannies will soon have cheap fast 64 bit desktops capable of per page security in-CPU perhaps Sun realises that it is time to get off the UltraSPARC train and get on something they probably wouldn't have been able to compete with.
From what I've read, it seems the Apple G5's are getting accepted into the scientific 64 bit workstation arena and Sun probably sees this as a big warning sign. I personally would love to see Sun hardware (I like Sun gear) based on the AMD64's, since my favorite OS, OpenBSD, support stops at the IIi (?) in the UltraSPARC range and that is exactly the platform I want to run OpenBSD on.
I guess the irony here is, that if Sun released specs on the III to OpenBSD, I probably would have bought a III machine new from them, but instead I bought a IIi on eBay and by the time they start selling AMD64 systems, I might not bother buying a machine from them because the biggest desire I had is now everywhere! ; )
I do not disagree. Often though, companies discourage such homegrown solutions because:
What's realistic for one admin, might be unrealistic for another.
They must not have much faith in admin candidates then or the current admins documentation skills or willingness. I know there are a lot of bad admins, but a company who typically goes to trouble to find a good admin, is willing to get one that provides real solutions (that work until someone pulls the plug) and documentation.
I have worked for companies, who have performed interview procedures that have taken months and in the end they did not choose anyone! Preferring to try again a little later after reviewing their advertising procedures! In this particular case, the senior admin could get by with overtime and other IT staff, until they could get the expert they wanted.
They don't go to all that trouble, just to get some guy who chooses a product out of a bunch of promotional pamphlets. One of the "impossibilities" I achieved is still working after about 8 years (PABX programming).
In Unix admin, that is what it is all about! Scripting, C, creative configurations, etc. You don't want to replace a good admin with a bad admin ever. The bad admin can wreck in weeks, what the good admin probably had going for years.
So what happens when the admin with the homegrown solution leaves the company?
Documentation. If the old admin did not do it, that is a failure of management.
If the old admin did do it, but the new admin is too arrogant or lazy to check it, then that is also a failure of management.
Hopefully they trained others on their solution, but we all know that can be wishful thinking.
Not from me. I was taking calls for weeks after I left one job, because people did not RTFM so to speak! Intranet documentation systems were in place when I got there, and seemingly I was one of the few to ever use it beyond the novelty factor.
Maybe the solution is "unrealistic" for other admins to support.
Never underestimate the value of a phone number to companies.
Can you name a good company helpdesk? One that is as good as say a BSD or Debian mailing list?
Management types get all warm and fuzzy knowing there's a phone number that can be called for problems/questions/blame.
I don't work for companies managed by such people. I have had arguments in job interviews because my point of view was "wrong" and the manager with the MBA was "right".
And that is how it should be. You don't want to work for some arsehole who hires someone who is to be told how to do their jobs.
You are describing crappy admins and crappy managers.
One of my major clients, tends to feel "warm and fuzzy about phone numbers" for some things. Time and time again I watch them hire complete moron cowboys who claimed initially that something would be implemented for $10k in 2 weeks, and it has then gone on to creep up slowly to more than double that and taken 6 months to implement something that just does not work (although vaguely appears to for a short while).
From names like Novell, Microsoft and CA.
They ring up the warm and fuzzy phone numbers and get different answers each time and yet often get asked the same bloody series of questions again, the helpdesk operator gets nervous because their questions are not on his "cheat-sheets" and says, "I'll ring you back" and then never does.
Companies are WRONG to feel warm and fuzzy about phone numbers and they are WRONG to implement such reliance all the time on outside entities for which they have practically no control over. They SHOULD be hiring a top gun of their own, paying him an absolute shitload to stay and make sure he is comfortable and happy.
BTW, the company I referenced here, is one of the most successful law firms on Earth. I won't go into details of who they are or who their clients are, but, you know many of their big clients and their vi
Of course, you could just as easily blame this problem on the existence of the metric system as on the Imperial one.
Just as easily? No way. I don't blame imperial. I blame its use amongst other Metric values.
But, metric is way more simple! You want to change up or down through the prefixes? Just shift a decimal point and change the prefix.
31/32 of an inch? 25/64 of an inch? Come on!
You have short tons and long tons, which vary by a small amount. And then now you have Metric Tons! You guys are going to keep the confusion alive even after you have converted to Metric!
The problem here is not with one system or the other, but with the fact that there were two.
Exactly my point. Potential for disaster increases.
The _real_ problem is that the units on a bare number weren't specified.
I find it really hard to believe, that NASA would allow a bare number to get through a project of that magnitude to completion, without ever being questioned (How much mass does it have? 12. 12 what?). Doing that and mixing up Imperial/Metric might seem like both stupid mess-ups, but a bare number should not get through QA processes, whereas a single human error like accidentally reading a Metric value to be Imperial could be believable.
Can you provide a link to back that up? I've searched NASA's sites, I can't find something that specific.
The root cause (for this and other similar mishaps), as far as I can tell, is in the acceptance of two different units being acceptable in a field where extremely small tolerances can make astronomical mistakes.
What about avoiding errors where your finest tolerances do not mesh cleanly between the units?
OpenBSD does make sense in small business situations, but for the enterprise it does not.
I can tell you, with authority, that I know that the two largest banks in my country, have at least used OpenBSD on some of their perimeters.
I say "at least" because I haven't seen all the perimeter firewalls and I say "used" because my info is about 2 years old. My guess, is that they use them on all, to this day, but I can't say for certain, I can only go off what internal software developers I still know have told me.
Dealing with 25 different openbsd machines with a text-based PF config on each does not sound fun to me.
Firewall rules are really dry.
Text is the safest and most efficient way to get the details across without any ambiguity.
Yeah I'm sure you could script some pretty cool central management out of it all, but that's not realistic for most places.
It all comes down to the admin. Many a time, I have achieved things that OEM's, vendors and previous "admins" have claimed to be "impossible". Often figuring out how to do it within minutes, which can be pretty embarrassing for the ex admin.
What's realistic for one admin, might be unrealistic for another.
I'll happily concede that there are situations in which a commercially supported firewall with central management and deployment capability are a better choice than a unix box with a bolted-on packet filter.
I find comments like this, about Unix, hilarious. In Unix, the limit is YOU and your knowledge, intelligence and imagination.
PF is welded (very carefully) into the OpenBSD kernel. It is not "bolted on". A good packet filter is one of the most important parts of OpenBSD, and PF and the rest of the kernel get treated as such.
I know what you mean though, I wouldn't use Linux for firewalling either.
A huge group of remote firewalls can be remotely administered without even having any ports (eg ssh) open on them. You could set up an scp or rsync through ssh tunnel to periodically check back to a central server, which has all the remote configs saved on it. No big deal.
If you absolutely must be able to connect to the firewalls remotely at any time, then you will have to run a service on them. No thanks. I love using OpenBSD, but I won't even run sshd on an OpenBSD firewall with privsep. So little to gain and too much to lose. I prefer the firewalls connect to me with authentication and if I find out that sshd is vulnerable again, I simply shut it down on the central management server, patch it (ONE server) and then carry on.
"pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state"
How is this syntax -more- readable? Unless you know what you're doing, both will look like absolute garbage!
Actually, it is English.
Pass packets coming in on the external interface as long as they are tcp protocol, from any IP specifically sent to our external interface (not just subnet noise) and as long as they are tcp services (ports) that we want, when the SYN flag in the tcp flags is ON (S/SA) and allow this established connection back in (keep state with less fuss next time).
Anyone who really does actually know TCP/IP well (someone you would want configuring your firewall), should be able to look at that line (and the rest of the config file(s) where those $macros are defined), and it should just make complete sense to them, because the terms or abbreviations are obvious.
Sales reps (may) try to sell you on the seamless failover crap. Bottom line: lots of hoops, and I don't know that it's any easier than PIX's failover solution.
OpenBSD, PF, pfsync and carp.
Don't know whether it is easier or not, but it's bound to be cheaper. Especially if you read the doco and understand it.
OpenBSD does not need sales reps. It gets by on merit alone. So why not go check out why this is!
Hey, it holds true! Good work, Shanep. :)
I'm talking about the "people", NOT the government.
Some people sent to Australia as convicts, got here for stealing a loaf of bread. So who was the real criminal in those cases?
The hungry person? Or the human rights violating government?
That's in Australia, though. They're a bunch of, you know, criminals.
And Americans are a bunch of, you know, murdering racists.
At least we evolved into a nation of reasonable, educated people. The US still mass murders people they don't like.
A nation of convicted criminals is hardly a model society.
Not everyone who came to Australia, came as a criminal and that did happen a very long time ago.
With your theory, the US must be a nation of murdering racists.
Finally, someone else has to realize that Austrailia really is fucked up!
What would you know about Australia? You can't even spell it.
Well if you're going to keep the hash and the marijuana, can I get first call on any cannabis that you find? ;)
Sorry dude, Mary Jane beat you to it.
*#06# SEND
Now you do.
You should also have received stickers with the number printed on them, with your phone. It's probably also on the box and chances are you were supposed to fill them in to your phone's manual or it was already otherwise printed in it.
Your Telco might also have taken the liberty of recording it for you, so that your phone could be rendered useless on their network at least (often on all networks in a given area), if you report it stolen. This is supposed to discourage mobile theft.
Using a stolen GSM phone, without very carefully modifying the IMEI, can be pretty risky business in some parts of the World.
a thief is more likely to change the plates than change the MAC address of the wireless card in a laptop in a stolen car..
And what's more, license plates don't broadcast their number for a city block in each direction. You also can't see a license plate behind a brick wall.
You know, today is the day you get the funny picture with a phpinfo(); call.
Oh man! Today I built from OpenBSD ports, php-4.3.3, since I recently rebuilt my server. I did a quick phpinfo(); to make sure it was working and I got this hippy looking thing that looks like it would be a smokedot user.
I wondered WTF that was about. I thought maybe Anil Madhavapeddy was being a smart arse or something.
which technically isn't "theft" since he was given the keys, it's more or less a misdemeanor amounting to "borrowing with intent"
There was a case in Australia, where a taxi passenger pulled a knife on the driver. The driver said something to the effect of, "here! take the money!", handing the knife wielding passenger his money bag...
The thief was not charged with theft because the taxi driver told him to take the money!
Yes, BSD does save you from being hacked, in the same way that having no network cord plugged in saves you, because it has no services running in the default install, but the advantage goes away if both are configured properly to do the same thing.
Well, specifically with OpenBSD, this might have been true once upon a time, but with W^X, ProPolice, priv sep, etc that is an old argument which no longer holds much weight.
Where women glow and SCO plunders?
I always thought it was, "Where women blow and then chunder".
; )
Which reminds me of...
You got me steaming at one hundred degrees!
Each time I see you I go weak at the knees!
But best of all, I love...
And then I started thinking, "Wait a minute, they have a record of every movie I've ever seen!"
I don't mind if a store keeps a record of what I have rented, solely for the purpose of allowing only myself to access that data, if and when I wish.
But these guys are keeping records of everything I buy from them. If I usually purchase original Coca-Cola when I purchase a soft drink, what are they doing with that information?
Are they using the trends in the records of what time and days I come in to the store?
Are the video cameras linked to the POS terminals, to assure that each customer (of a desired demographic) can have their photo taken when they purchase something, to get info on what they wear? Perhaps taking a few photos scattered across the seasons, to sell that info to some large retail stores to find season trends for that area and desired demographic?
They could prove statistically that one person has some sort of a relationship with another person, based on how close (geographically and time wise) they each make purchases. They could thus prove that they go shopping together, travel between the same points and along the same routes (purchases made along the way, petrol, etc). They could even watch both their mobile phones switch from the same one cell to another one cell at approximately the same time, at very high consistencies.
What if one person is innocently and unknowingly hanging around with a criminal, who might be "getting up to no good" on days they spend together? Will the innocent person be implicated?
I wonder how far they go?
Makes me want to always pay cash and never carry a mobile phone.
When the laser scanners were coming out, everybody was saying, retailers are going to collect information about what you buy.
I am a Networking contractor. Some of my customers do this very thing.
A large chain of video rental stores in Sydney Australia springs to mind...
They DO collect data on what customers buy and retain the link between that data and that customer. The customer then receives promotional material via whatever channels they know how to get to you.
The store owner who told me this, assured me that all was okay because, they "don't sell that data".
That made me feel so much better.
OpenBSD is freeware, not commercial software.
That's why I said, "Leave the commercial World behind".
Not to mention the fact that, however good OpenBSD may be, there simply aren't enough commercial authors on the subject to really promote competition and encourage authors to put out *QUALITY* books.
Have you read any of the books?
I have almost all of them.
One of them is very high quality, as far as grammar goes and all of them are very high quality as far as technical details go.
But, who needs books, when you have such fantastic man pages!? People used to complain that there was no documentation for OpenBSD, yet completely ignored the fantastic man pages.
I've read many books that say things like "Again, Microsoft, in their infinite wisdom, has decided to deviate from the norm and bastardize protocol X -- so this is how you get it to work the way it SHOULD work"...you're typically not going to get that from the same company releasing the product, commercial or free...
I agree with this about commercial software but not the free stuff.
OpenBSD is about true freedom. You are empowered with the exensive man pages, good FAQ's, mailing lists and the source. OpenBSD often gives various ways to do one thing, but most importantly, they don't bastardize anything, so they don't have anything to hide.
If you feel there is bias, you can always find an alternative view elsewhere on the net. But chances are, that if OpenBSD does something a particular way, off from the norm, there is usually a very good reason for it.
Cisco. At least a couple years ago; I haven't dealt with them much lately. But their TAC (Technical Assistance Center) was outstanding.
Fair enough.
Precisely. I wish everyone did their jobs competently. I also wish for world peace.
Me too. [sigh] I was looking at that pic of Earth from Mars and thinking, what the hell are we doing to ourselves and our planet. We are mostly blessed by our natural luck and yet completely cursed by ourselves.
From names like Novell, Microsoft and CA.
Aren't these companies all known to suck?
I thought CA was good, until I got to deal with them. I guess I was ignorant to that. Sorry carlivar, I'm feeling a bit upset with the shitty state of the IT industry and with what people are willing to just accept.
I, on the other hand, have seen some quite successful projects with companies like Sun and Cisco.
Well, you've made me feel good that there might be some good left in IT. When I saw DEC die and then the top quality of companies like HP slowly disappear, I wondered if the industry would ever recover from companies like Dell.
Watching the Alpha mostly stagnate has depressed me too. The other day I was looking at some Mathematica benchmarks and noticed the Alpha still doing well. A 1.25GHz Alpha doing almost as well as a 3GHz P4-B. A little 1GHz G4, did pretty well, looking at the machines around it.
They SHOULD be hiring a top gun of their own, paying him an absolute shitload to stay and make sure he is comfortable and happy.
I completely agree, but what SHOULD happen often doesn't. Humans in general just aren't too bright. And eventually you get sick of complaining, or searching for The Perfect Company to work for (near your house).
; )
BTW, do you think Sun will drop the UltraSPARC in favour of AMD's (I know they are going to sell AMD64 systems), since the AMD64's are going to have massive economies of scale, 64 bit and per page security in-CPU?
It seems to me that Sun, IBM, HP and SGI have happily competed with each other in the 64 bit workstation arena, knowing that it is a niche they can safely share, but now grannies will soon have cheap fast 64 bit desktops capable of per page security in-CPU, perhaps Sun realises that it is time to get off the UltraSPARC train and get on something they probably wouldn't have been able to compete with.
From what I've read, it seems the Apple G5's are getting accepted into the scientific 64 bit workstation arena and Sun probably sees this as a big warning sign. I personally would love to see Sun hardware (I like Sun gear) based on the AMD64's, since my favorite OS, OpenBSD, support stops at the IIi (?) in the UltraSPARC range and that is exactly the platform I want to run OpenBSD on.
I guess the irony here is, that if Sun released specs on the III to OpenBSD, I probably would have bought a III machine new from them, but instead I bought a IIi on eBay and by the time they start selling AMD64 systems, I might not bother buying a machine from them because the biggest desire I had is now everywhere! ; )
Peace.
I do not disagree. Often though, companies discourage such homegrown solutions because:
What's realistic for one admin, might be unrealistic for another.
They must not have much faith in admin candidates then or the current admin's documentation skills or willingness. I know there are a lot of bad admins, but a company who typically goes to trouble to find a good admin, is willing to get one that provides real solutions (that work until someone pulls the plug) and documentation.
I have worked for companies, who have performed interview procedures that have taken months and in the end they did not choose anyone! Preferring to try again a little later after reviewing their advertising procedures! In this particular case, the senior admin could get by with overtime and other IT staff, until they could get the expert they wanted.
They don't go to all that trouble, just to get some guy who chooses a product out of a bunch of promotional pamphlets. One of the "impossibilities" I achieved is still working after about 8 years (PABX programming).
In Unix admin, that is what it is all about! Scripting, C, creative configurations, etc. You don't want to replace a good admin with a bad admin ever. The bad admin can wreck in weeks, what the good admin probably had going for years.
So what happens when the admin with the homegrown solution leaves the company?
Documentation. If the old admin did not do it, that is a failure of management.
If the old admin did do it, but the new admin is too arrogant or lazy to check it, then that is also a failure of management.
Hopefully they trained others on their solution, but we all know that can be wishful thinking.
Not from me. I was taking calls for weeks after I left one job, because people did not RTFM so to speak! Intranet documentation systems were in place when I got there, and seemingly I was one of the few to ever use it beyond the novelty factor.
Maybe the solution is "unrealistic" for other admins to support.
Never underestimate the value of a phone number to companies.
Can you name a good company helpdesk? One that is as good as say a BSD or Debian mailing list?
Management types get all warm and fuzzy knowing there's a phone number that can be called for problems/questions/blame.
I don't work for companies managed by such people. I have had arguments in job interviews because my point of view was "wrong" and the manager with the MBA was "right".
And that is how it should be. You don't want to work for some arsehole who hires someone who is to be told how to do their jobs.
You are describing crappy admins and crappy managers.
One of my major clients, tends to feel "warm and fuzzy about phone numbers" for some things. Time and time again I watch them hire complete moron cowboys who claimed initially that something would be implemented for $10k in 2 weeks, and it has then gone on to creep up slowly to more than double that and taken 6 months to implement something that just does not work (although vaguely appears to for a short while).
From names like Novell, Microsoft and CA.
They ring up the warm and fuzzy phone numbers and get different answers each time and yet often get asked the same bloody series of questions again, the helpdesk operator gets nervous because their questions are not on his "cheat-sheets" and says, "I'll ring you back" and then never does.
Companies are WRONG to feel warm and fuzzy about phone numbers and they are WRONG to implement such reliance all the time on outside entities over which they have practically no control. They SHOULD be hiring a top gun of their own, paying him an absolute shitload to stay and make sure he is comfortable and happy.
BTW, the company I referenced here, is one of the most successful law firms on Earth. I won't go into details of who they are or who their clients are, but, you know many of their big clients and their vi
Of course, you could just as easily blame this problem on the existence of the metric system as on the Imperial one.
Just as easily? No way. I don't blame imperial. I blame its use amongst other Metric values.
But, metric is way more simple! You want to change up or down through the prefixes? Just shift a decimal point and change the prefix.
31/32 of an inch? 25/64 of an inch? Come on!
You have short tons and long tons, which vary by a small amount. And then now you have Metric Tons! You guys are going to keep the confusion alive even after you have converted to Metric!
The problem here is not with one system or the other, but with the fact that there were two.
Exactly my point. Potential for disaster increases.
The _real_ problem is that the units on a bare number weren't specified.
I find it really hard to believe, that NASA would allow a bare number to get through a project of that magnitude to completion, without ever being questioned (How much mass does it have? 12. 12 what?). Doing that and mixing up Imperial/Metric might seem like both stupid mess-ups, but a bare number should not get through QA processes, whereas a single human error like accidentally reading a Metric value to be Imperial could be believable.
Can you provide a link to back that up? I've searched NASA's sites, I can't find something that specific.
The root cause (for this and other similar mishaps), as far as I can tell, is in the acceptance of two different units being acceptable in a field where extremely small tolerances can make astronomical mistakes.
What about avoiding errors where your finest tolerances do not mesh cleanly between the units?
NASA wants US school children to learn the Metric system.
OpenBSD does make sense in small business situations, but for the enterprise it does not.
I can tell you, with authority, that I know that the two largest banks in my country, have at least used OpenBSD on some of their perimeters.
I say "at least" because I haven't seen all the perimeter firewalls and I say "used" because my info is about 2 years old. My guess, is that they use them on all, to this day, but I can't say for certain, I can only go off what internal software developers I still know have told me.
Dealing with 25 different openbsd machines with a text-based PF config on each does not sound fun to me.
Firewall rules are really dry.
Text is the safest and most efficient way to get the details across without any ambiguity.
Yeah I'm sure you could script some pretty cool central management out of it all, but that's not realistic for most places.
It all comes down to the admin. Many a time, I have achieved things that OEMs, vendors and previous "admins" have claimed to be "impossible". Often figuring out how to do it within minutes, which can be pretty embarrassing for the ex admin.
What's realistic for one admin, might be unrealistic for another.
I'll happily concede that there are situations in which a commercially supported firewall with central management and deployment capability are a better choice than a unix box with a bolted-on packet filter.
I find comments like this, about Unix, hilarious. In Unix, the limit is YOU and your knowledge, intelligence and imagination.
PF is welded (very carefully) into the OpenBSD kernel. It is not "bolted on". A good packet filter is one of the most important parts of OpenBSD, and PF and the rest of the kernel get treated as such.
I know what you mean though, I wouldn't use Linux for firewalling either.
A huge group of remote firewalls can be remotely administered without even having any ports (eg ssh) open on them. You could set up an scp or rsync through ssh tunnel to periodically check back to a central server, which has all the remote configs saved on it. No big deal.
If you absolutely must be able to connect to the firewalls remotely at any time, then you will have to run a service on them. No thanks. I love using OpenBSD, but I won't even run sshd on an OpenBSD firewall with privsep. So little to gain and too much to lose. I prefer the firewalls connect to me with authentication and if I find out that sshd is vulnerable again, I simply shut it down on the central management server, patch it (ONE server) and then carry on.
"pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state"
How is this syntax -more- readable? Unless you know what you're doing, both will look like absolute garbage!
Actually, it is English.
Pass packets coming in on the external interface as long as they are tcp protocol, from any IP specifically sent to our external interface (not just subnet noise) and as long as they are tcp services (ports) that we want, when the SYN flag in the tcp flags is ON (S/SA) and allow this established connection back in (keep state with less fuss next time).
Anyone who really does actually know TCP/IP well (someone you would want configuring your firewall), should be able to look at that line (and the rest of the config file(s) where those $macros are defined), and it should just make complete sense to them, because the terms or abbreviations are obvious.
But you would buy a book on a commercial Unix variant?
Third-party books are frequently better than the documentation provided by the company
I've yet to find a book, which is as good as the OpenBSD man pages.
Leave the commercial World behind, read the PF man page and discover what you've been missing out on.
Sales reps (may) try to sell you on the seamless failover crap. Bottom line: lots of hoops, and I don't know that it's any easier than PIX's failover solution.
OpenBSD, PF, pfsync and carp.
Don't know whether it is easier or not, but it's bound to be cheaper. Especially if you read the doco and understand it.
OpenBSD does not need sales reps. It gets by on merit alone. So why not go check out why this is!
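The pull model described in the thread above (each firewall periodically fetching its own pf.conf from a central server over ssh, with no listening service on the firewall itself), as an added example that is not part of the original comments. The host name, account and paths are constructed placeholders; `pfctl -n -f` parses a ruleset without loading it, so a bad file is rejected before it can replace the running one.

```shell
#!/bin/sh
# Added example: pull-based pf.conf update, intended to run from cron on
# each firewall. PFCTL and FETCH are overridable so the logic can be
# exercised off-box; CENTRAL and LIVE defaults are constructed placeholders.
PFCTL=${PFCTL:-pfctl}
FETCH=${FETCH:-scp -q -o BatchMode=yes}
CENTRAL=${CENTRAL:-fwpull@config.example.net:pf/fw01.conf}
LIVE=${LIVE:-/etc/pf.conf}

pull_pf_config() {
    # Candidate lands next to the live file so the final mv is atomic.
    tmp=$(mktemp "${LIVE}.new.XXXXXX") || return 1

    # 1. Outbound fetch only: the firewall connects to the server, never
    #    the other way round.
    if ! $FETCH "$CENTRAL" "$tmp"; then
        rm -f "$tmp"; echo "fetch-failed"; return 1
    fi

    # 2. Nothing to do if the central copy matches what is already live.
    if [ -f "$LIVE" ] && cmp -s "$tmp" "$LIVE"; then
        rm -f "$tmp"; echo "unchanged"; return 0
    fi

    # 3. Parse only (-n): a broken ruleset never reaches the kernel and
    #    never overwrites the known-good file.
    if ! $PFCTL -n -f "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; echo "rejected"; return 1
    fi

    # 4. Keep the previous ruleset for rollback, swap, then load.
    [ -f "$LIVE" ] && cp -p "$LIVE" "${LIVE}.prev"
    mv "$tmp" "$LIVE" && $PFCTL -f "$LIVE" && echo "loaded"
}

# Constructed cron usage: source this file, then call pull_pf_config and
# log its one-word result (loaded / unchanged / rejected / fetch-failed).
```

A "rejected" or "fetch-failed" result leaves the running ruleset and the live file untouched, which is the property that matters when nobody can log in to the box to fix it.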