Public DNS records are something that it's not worth doing in-house any longer. Go with one of the DNS firms that give you multiple SOA servers, located in multiple data centers across the globe. A lot of registrar-based DNS options only offer the basics (no TXT or SRV records), or all of your SOA servers are in the same data center, leaving you vulnerable to a DDoS like this.
(Personally, we use DNSMadeEasy, but they're not the only game in town. Spending $60/yr to not have to personally maintain DNS servers has been well worth it.)
People making a big deal about this should perhaps rethink why they are entitled to someone else's work (the website) without respecting their terms (the ads).
We run ad-blockers (usually AdBlock Plus, but NoScript+FlashBlock are often required) because too many ad networks serve up malware. It's simple self-preservation at this point.
Tangential question: What's the advantage of having getters and setters vs. just accessing the variable directly?
The even better question is "why are your developers having to create the getter/setters by hand"? There are tools in Eclipse that will generate get/set methods. And if you make use of Spring Roo / AspectJ, you don't even have to deal with those methods for POJOs (plain old Java objects).
Nice part about Spring Roo is that you can always "push-in" anything that you want to do by hand. So if you need a custom get/set method, you just create it in the main .java file. Spring Roo will notice this and stop injecting their own version from the .aj (AspectJ) file.
There is a reason so many people think there should be an electrified fence across the Mexican border, while the Canadian border is essentially open.
Gee, you think that is solely because of racism? Or maybe because Mexico has a problem with rule-of-law and violent crime, unlike Canada?
I'm not saying that racism isn't part of the reason, but it's nowhere near the whole reason that folks want that fence. Which weakens any point that you were trying to make.
It's as I've said ever since the DOJ failed to split Microsoft up after convicting them of monopoly status. If the DOJ had split MS up, it would have done the company a huge favor in the long run.
Office needs to be its own company and expanded to run on everything from Linux to iOS to Android. Exchange and SQL Server need to be divested into a "server applications" type company with similar cross-platform goals. The operating system should be split off into its own company (heck, rewrite Windows Server to run on top of BSD, leverage all that MIT/BSD licensed code).
An even more rational organization would have moved over to running the whole thing on top of a BSD base and taken advantage of things like bash, csh, ksh, while offering PowerShell as just another option.
But Microsoft are kings of NIH and lock-in for the sake of lock-in.
That article is not an argument for not using salted hashes. Just because salt doesn't help prevent brute-force attacks, doesn't mean that salting is worthless. If nobody bothered to salt hashes, rainbow tables would become common again. (The reason nobody uses rainbow tables these days is because most lists are salted, rendering the rainbow table ineffective.)
Unfortunately, using hashes that take longer to calculate just moves the problem forward a few years.
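As an added illustration of the point about salts and work factors (example code written for this page, not from the original poster): the first half builds a tiny precomputed lookup table over unsalted SHA-1, the stand-in for a rainbow table, and shows it cracking a stored hash in one dictionary lookup. The second half stores the same password with PBKDF2-HMAC-SHA256 and a random 16-byte salt, so two users with the same password get different hashes and no shared precomputation helps. The iteration count is stored alongside the hash so it can be raised later, which is the only answer to "slow hashes just move the problem forward a few years". The password list and the 100,000-iteration work factor are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample input for this example (not taken from the thread).
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "hunter2"]


def unsalted_sha1(password):
    """The weak scheme: one deterministic hash per password, identical for every site."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Stand-in for a rainbow table: hash -> plaintext, precomputed once.

    A real rainbow table uses hash chains to trade time for space, but the
    attack property is the same: one precomputation serves every stored hash."""
    return {unsalted_sha1(p): p for p in candidates}


def crack_with_table(table, stored_hash):
    """Recover the plaintext of an unsalted hash with a single lookup, or None."""
    return table.get(stored_hash)


# Salted, iterated scheme from the standard library. The work factor here is an
# example value; it is stored with the hash so it can be raised as hardware improves.
ITERATIONS = 100_000


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # The salt and iteration count are not secret; they must be stored to verify later.
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Recompute the derived key from the stored salt/iterations and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def demo():
    """Show the lookup table beating the unsalted hash and failing against the salted one."""
    table = build_lookup_table(COMMON_PASSWORDS)
    weak = unsalted_sha1("hunter2")
    salted_a = hash_password("hunter2")
    salted_b = hash_password("hunter2")  # same password, different salt
    return {
        "table_cracks_unsalted": crack_with_table(table, weak) == "hunter2",
        "table_cracks_salted": crack_with_table(table, salted_a) is not None,
        "salted_hashes_differ": salted_a != salted_b,
        "verify_ok": verify_password("hunter2", salted_a),
        "verify_wrong": verify_password("hunter3", salted_a),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The salted scheme does not stop an attacker from brute-forcing one hash at a time; it only forces that work to be redone per hash, and the iteration count sets how expensive each guess is.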
They're doing something similar with MSDN, now to get a couple of new toys you need to get the Premium edition (which is 5x the cost of Professional). e.g. To get TFS, you can have Professional... but to get all the features like the code review stuff they've been heavily plugging, you need Premium.
It provides me with much amusement as I watch developers / companies opt for the Microsoft solution because they got a good upfront deal. There's all sorts of special programs where Microsoft gives you the software for near free if you are of a certain company size, etc.
Then, once you've tied yourself to their software stack, you no longer qualify for the deep discount.
So many of these companies would be far better served by the modular nature of Open Source solutions. Solaris / Linux / BSD are all pretty interchangeable, so if you pick a software stack that runs on all three you have a lot more choice and stability long-term.
Not that simple. Research the differences between kinetic learners, visual learners and auditory learners. Different people find it easier to understand concepts when they are taught in a way that uses their preferred communication style.
You may also want to look at "FSVS" for storing Linux machine configs in SVN. We rely on it heavily and it has some options for doing multiple instances all hanging off a single repo.
Frankly, in 99% of the cases, I just want to know what I changed that borked something, or how I did something 3 years ago and what lines I changed in the config file. So I don't use the multiple machines based off a single repository feature.
Whether you use git/hg/etc (distributed VCS) or centralized VCS systems (SVN, etc) has a lot to do with the level of control that you desire/need and how much centralization you desire/need.
For some development projects / communities, where everyone is independent and rarely connected to a central point, the distributed VCS make more sense. The downside is that you have to rely on developers to push their changes to some "master". On the other hand, it means they can work offline / disconnected.
For the less technical users, centralized VCS like SVN makes more sense. As long as you can get them to commit the changes, you're ensured that those changes are now on a server/machine that is getting backed up and taken care of.
$2.00-$2.50 per GB is "too much"? The Intel 200GB units are only $400-$450 each. The 15k RPM SAS 300GB units are down to $200 now ($0.67/GB).
That's only a 3x-4x cost difference, vs what used to be 10x-30x cost difference. Plus instead of using RAID 0+1 setups on 15k SAS drives for write-heavy workloads, you can possibly use RAID-6 on SSDs instead and still get better performance.
A 10 year old SSD that's been in a low write environment? No problem! A 20 year old SSD in a low write environment? No problem! Leave it on the shelf for 10 of those years (properly stored, in an anti-static bag and proper environmental), no problem!
Big problem if you're thinking of pulling data back off of those drives. Because a lot of SSDs will only hold data for 3-12 months if unpowered (some units do better at 3-5 years, but only if they are custom tuned for the purpose).
Newer lock systems that are designed to reuse water are going to need pumps to move water in/out of the storage basins. Without the water re-use, the Panama canal would not have enough annual rainfall to move those post-Panamax ships. With the water re-use concept, moving a post-Panamax ship through the locks takes about the same amount of water as the current locks do with Panamax ships.
Eh, at $200/port, it's something that you'll use on the backbone and the core switches and the really big servers which can generate multi-Gbps traffic. LACP / bonding only gets you so far.
Thanks, I was wondering what the price/port was these days for 24/48 port switches. Figured it was still in the $200/port range.
Only the biggest of the biggest will buy $125-200/port switches. Once it gets down to $40-$50 per port, you'll see a much faster adoption rate. Just like what happened with GigE, which was stuck at the $40-$50 per port range for a long time.
I know quite a few people that I talked to at a user conference (for proprietary software that we all pay a lot of money for each year) have switched to Samba4.
It's apparently good enough to roll out into production at sites that are tired of paying the Microsoft tax every year for file and print services.
(Note that this proprietary software that we all purchase each year runs on unix/linux/solaris. So these companies are already using non-Windows servers.)
Web based mail is great until you don't have access to it due to an outage, etc. At least with Exchange and outlook you have an off-line copy to work from.
Who says you have to only do webmail? Use standard protocols like IMAP and give your users IMAP clients which are capable of downloading and storing messages for offline use. (Most desktop mail clients offer this option.)
Then stack groupware on top of that that reuses your SMTP/IMAP infrastructure and gives you shared contacts, calendar, etc. Now your users have multiple ways to get access to what they want.
Been there, tried that, went back to Linux servers. All Windows Server "core" is proving is that those who try to reinvent unix (or linux) will do it badly.
There's a lot of administrative stuff that is just opaque or impossible to do on server "core" unless you install software onto your Windows Desktop in order to manage it.
And as much as people hated the old .INI text files for configuration - they are easily readable, easily version controlled, and easy to copy/paste configurations from one system to another. Heck, with tools like FSVS, you can version control an entire Linux server to keep track of every bit of software you installed or configuration files that you touched.
Made a change and now it's not working? But can't remember what you did? Pull up the configuration file in your version control system and do a diff.
I can confirm anti-depressants work fine if you're correctly diagnosed with depression.
I can tell the difference too. Mostly in what I think about at night while falling asleep. Taking the Lexapro? I have normal levels of anxiety about current and upcoming tasks and the usual stuff. Things that pretty much everybody tosses and turns over. Off the Lexapro for more than a few weeks? Thoughts of suicide and constant dwelling on past mistakes (going back to childhood, teen and early adult years).
When I get to the point where I'm starting to consider planning a way out, it's time to ring up my doctor and yell for help. It's like any other disease, know your symptoms, know when you're getting worse, don't be afraid to get your doctor's attention. The trick is to do that before you become too irrational to do so...
CBT is there to get you out of the rut, once you are rational enough to recognize the rut. It's a very good therapy, but not the only answer.
The problem is, if your depression is chemical in nature (or physical) rather than just external influences (significant other just died, other life events / catastrophes), you will hardly ever get out of that rut on your own.
Which is where the medications come in. When they work correctly, they keep you from getting into the rut of irrationality, or at least make it so that the deep rut is only a slight depression.
Basically, in depression, we're our own worst enemy if untreated. CBT doesn't change that, but it makes it easier to recover.
Although I have to admit, I sure see an assload of this type of crap in the logs:
The simple solution there is to move SSH off of the default port (of 22) and to some other port in the 1-1024 range. You'll end up with a lot less crap in the log files as a result.
Which makes it easier to see the real threats because they aren't camouflaged by hundreds of other errors in the logs.
Any public side SSH service where you are only using SSH for administration of the machine should be:
1) Disallowing password-based authentication. Use only SSH key pairs instead for authentication. Now the attacker also needs to steal your private SSH key (and possibly find out the password as well). You've just made it a lot more difficult for them.
2) Moved to an alternate port. This doesn't make you immune to attacks, but it does mean that you'll see less garbage in your log files. Most brute-force attack botnets only look at port 22 before moving on. By moving to an alternate port, you're no longer low-hanging fruit and most automated attacks will pass you by. By having less garbage in the log file, any organized attacker stands out more clearly.
3) Disallow login to root via SSH. Even for an internal-only machine that never talks to the outside world it's a better move to require users to authenticate as themselves and then "su" or "sudo" in order to perform root level tasks.
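The three items above, plus the alternate-port advice in the earlier comment, as an added example (written for this page, not the poster's own tooling): a small audit of an sshd_config that reports which of the points are not met. It reproduces one behaviour worth knowing when applying the list: sshd takes the first value it reads for a keyword, so a hardening line appended at the bottom of the file does nothing if an earlier line, or an earlier Include'd file, already set the keyword. It also checks keyboard-interactive authentication, since with PAM in the picture that path can still prompt for a password after PasswordAuthentication is turned off. The three config texts are constructed samples; the defaults table assumes current OpenSSH behaviour (PermitRootLogin defaulting to prohibit-password, password and keyboard-interactive authentication defaulting to yes, port 22).

```python
import re

# Constructed sshd_config samples for this example (not taken from the thread).
WEAK_CONFIG = """
# A typical stock file: everything commented out, so the daemon defaults apply.
#Port 22
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
"""

HARDENED_CONFIG = """
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
"""

# The gotcha: sshd uses the FIRST value it sees for a keyword.
APPENDED_TOO_LATE = """
PasswordAuthentication yes
Port 22
# "hardening" appended later by an admin; the first line above still wins
PasswordAuthentication no
PermitRootLogin no
"""

# Assumed OpenSSH defaults when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}


def parse_sshd_config(text):
    """Return the effective global settings with first-value-wins semantics.

    Port may legitimately appear more than once (sshd listens on all of them),
    so every Port value is collected. Parsing stops at the first Match block:
    settings inside Match are conditional and this audit covers the global
    section only."""
    effective = {}
    ports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        if key == "port":
            ports.append(value)
        else:
            effective.setdefault(key, value)  # first occurrence wins, later ones are ignored
    effective["port"] = ports or ["22"]
    return effective


def audit_sshd_config(text):
    """Return a list of findings; an empty list means all checks passed."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("passwordauthentication", DEFAULTS["passwordauthentication"]) != "no":
        findings.append("password authentication is enabled; set PasswordAuthentication no")
    # ChallengeResponseAuthentication is the older spelling of the same switch.
    kbd = cfg.get("kbdinteractiveauthentication",
                  cfg.get("challengeresponseauthentication", DEFAULTS["kbdinteractiveauthentication"]))
    if kbd != "no":
        findings.append("keyboard-interactive authentication is enabled; PAM can still prompt for a password")
    root = cfg.get("permitrootlogin", DEFAULTS["permitrootlogin"])
    if root != "no":
        findings.append("PermitRootLogin is '%s'; set PermitRootLogin no and use su/sudo" % root)
    if "22" in cfg["port"]:
        findings.append("sshd listens on port 22; move to an alternate port to cut log noise")
    return findings


if __name__ == "__main__":
    for name, text in [("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG), ("appended", APPENDED_TOO_LATE)]:
        print(name, audit_sshd_config(text) or ["ok"])
```

After editing the real file, `sshd -T` prints the effective values the daemon will actually use, which is the authoritative way to confirm that a later line was not silently ignored.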
Newer diesel boats use Stirling engines and carry liquid oxygen. Which means they are a lot quieter and can stay under for much longer periods (a few weeks). While they don't have the multi-month endurance of the nuclear boats, being able to go silent for a few weeks is pretty darned good.
We use "FSVS" on the Linux boxes around here. It stores the contents in an SVN repository.
So does this mean I need to remove sshd?