That's not how airspace is licensed by the FCC. Yes, with the correct conditions, you can get SW signals from the other side of the planet. That's not the point. Any OTA station is licensed for a specific radiated power to reach a certain distance. 2 stations 50 miles apart will NOT be given the same channel.
Based on the DMA listings, there are no markets with 48 broadcasters. Also, the FCC will not (read: actively avoids) assigning neighboring channels within the same market/region to avoid interference. Please tell us which DMA you are listing, and include the call signs of those 48 stations.
Negative. I doubt there was any other way to get him to give up control of the network he created (and f'ing copyrighted.) Proper management was the answer, but because his manager allowed his ego to run free, we have a nice cautionary tale.
I'm sorry, but that's the a**hole way of running a network... make the place unnecessarily complex so you're the only one who knows how any of it works so "they don't dare fire me." That rarely works out well -- and often encourages firings. Having been the replacement and consultant called in to sort it all out, I support the death penalty for such people.
IOS on switches isn't only about consistency (else they wouldn't be rolling out a whole new generation of NX-OS) but rather about adding all the valuable routing and services code they've spent years developing to a wider array of devices.
You must be new, and never talked to Cisco engineers from the period. They were putting IOS on switches long before they had any L3 switches. The L2 hardware wasn't (and still isn't) part of the routing domain. Sure, they can run a routing process, but they don't route. They only have an IP address for management; in a perfect world, that network is isolated for security. The ONLY reason for running IOS on everything was to have the same interface on everything. Instead of having to understand the PIX firewalls, the Catalyst switches, the IOS routers, etc., if they all run IOS, your engineers only have to understand one language. You don't have to have completely independent software development camps. And training becomes a lot less complicated.
The vision hasn't exactly held together. :-) IOS, IOS XR, NX-OS, Linux-based ASAs, etc. However, from a bird's eye view, they're configured more-or-less the same way. (it's not as bad as CatOS vs. IOS.)
[In Cisco circles, mls (multilayer switching) is something very different.]
I recall the story of the telco electricians "losing" a screwdriver. They dropped it (accidentally) into a 400A(?) -48VDC distribution panel. They couldn't even find the handle. And it didn't trip anything. :-)
This sounds a lot like the MaxTNT story at PSINet... those things are left-right vented. So a few rows of those things can stack a great deal of heat across a room. Their solution was bits of cardboard to deflect the air.
I can personally attest to the chimney effect with a rack of USR Total Control modem shelves. The air into the bottom one was 20C; the air at the top (through 7 shelves) was 38C. Bottom line... don't stack them on top of each other, and don't put that many in a single rack.
The air setting things on fire, I doubt. However, the components being cooled certainly can get hot enough to spark lint. It's a Bad Idea(tm) but it can happen.
Indeed. This fondly reminds me of finding a warez server on the corp. lan. From looking at the traffic graphs (mrtg) to standing at his desk... under 15 minutes. The machine in question... sitting on the desk across from his minus a 3com nic and a WD hard drive. He had "gone for a smoke." "Send him to my desk when he gets back," as I walk away with the still hot mini-tower.
(Moral: if you're going to run a warez server, you might want to talk to the admin who's going to notice a 5000% increase in traffic.)
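The "notice a 5000% increase in traffic" step, as an added example that is not from the original comment: a per-port spike check over constructed mrtg-style 5-minute samples (port names, rates and the mrtg-like tuple layout are all assumptions).

```python
from statistics import median

# Constructed samples, not real data: (timestamp_seconds, bytes/s in, bytes/s out)
# per switch port, one row per 5 minutes.  Fa0/7's outbound rate jumps from
# ~3 kB/s to ~150 kB/s in the last three samples; Fa0/3 just wobbles a little.
SAMPLES = {
    "Fa0/3": [(t, 2_000 + (t // 300 % 3) * 100, 1_500) for t in range(0, 7200, 300)],
    "Fa0/7": [(t, 4_000, 3_000) for t in range(0, 6300, 300)]
           + [(t, 4_000, 150_000) for t in range(6300, 7200, 300)],
}


def baseline_and_current(values, recent=3):
    """Median of the older samples versus the mean of the `recent` newest ones.

    The median ignores the occasional backup or download burst in the history,
    so a single past spike does not hide a new one.
    """
    if len(values) <= recent:
        raise ValueError("need more history than the recent window")
    hist, cur = values[:-recent], values[-recent:]
    return median(hist), sum(cur) / len(cur)


def find_spikes(samples, factor=10.0, recent=3, floor=1_000):
    """Return (port, direction, ratio) for every port/direction whose recent
    rate is at least `factor` times its baseline.

    `floor` (bytes/s) stops an idle port going from 5 B/s to 500 B/s from
    being reported: a 100x jump on nothing is still nothing.
    """
    hits = []
    for port, rows in samples.items():
        for direction, col in (("in", 1), ("out", 2)):
            base, cur = baseline_and_current([r[col] for r in rows], recent)
            if cur < floor:
                continue
            ratio = cur / base if base > 0 else float("inf")
            if ratio >= factor:
                hits.append((port, direction, round(ratio, 1)))
    return hits


if __name__ == "__main__":
    for port, direction, ratio in find_spikes(SAMPLES):
        print(f"{port} {direction}: {ratio:.1f}x baseline, go look at that desk")
```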
If it's done Right(tm), it should cause a continuous collision. Which any good hub sees as a "jabber" condition and disables ("partition") the port. A very cheap "virtual wire" hub on the other hand, jams every port. (and if left like this long enough, might actually burn out.)
You should've left it with the "cow goes moo" definitions. The definition is the definition. Hubs operate at level 1 -- they are, for lack of a better term, analog devices. (I have a 10base-2 hub ("repeater") and there isn't a single piece of digital anything in it.) Switches are layer 2 devices -- Frame Relay Switch, ATM Switch, Ethernet Switch, etc. They look at layer 2 information to decide what to do. Routers pay attention to layer 3 information -- IP (v4 or v6), IPX, AppleTalk, etc. How they go about doing this forwarding is irrelevant to the classification -- 'tho almost all traffic forwarding, be it at layer 2 or 3, is done "in silicon" by specialized processors these days, leaving the general purpose CPU to handle configuration and general management. (routing protocols, vlan tables, dot11 authentication, etc.)
Yes, there are devices that blur the line. But that doesn't change the definitions. Routing happens at layer 3. Switching happens at layer 2. That does not preclude a single device from doing both. What you call such a device is open to marketing meetings. :-) Lots of people call them "Layer 3 Switches"; Nortel calls them "Ethernet Routing Switches".
BTW, the reason (some) Cisco switches run IOS is for consistency. There was a time when they wanted everything to run IOS. There are still some switches that run CatOS -- a holdover from the purchase of Kalpana(?). The current generation PIX/ASA firewalls have configurations that look very much like IOS.
An L3 switch is a switch that can do IP (IPv6) routing. An unmanaged switch is never a "L3 switch". If your switch has an IP address for management only, then it isn't a L3 switch. There are L3 switches with as few as 4 or 8 ports upwards to hundreds of ports, exactly like L2 switches -- the number of ports means nothing. You'll have to read the specs for the device.
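The "which header does the device look at" distinction above, as an added example that is not the commenter's code: one constructed Ethernet II frame carrying an IPv4 header, a toy switch that decides on the destination MAC alone, and a toy router that ignores the MACs and does a longest-prefix match on the IPv4 destination. All MACs, addresses, port numbers and interface names are made up.

```python
import struct
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst_mac: str, src_mac: str, src_ip: str, dst_ip: str) -> bytes:
    """Minimal Ethernet II frame with a bare IPv4 header (no payload, checksum left 0)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20, 0, 0, 64, 6, 0,   # ver/IHL, TOS, len, id, flags, TTL, proto, csum
                         IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip_hdr   # 0x0800 = IPv4 ethertype


@dataclass
class L2Switch:
    """Layer 2: learn source MACs per port, forward on destination MAC, flood unknowns."""
    ports: tuple
    table: dict = field(default_factory=dict)   # MAC -> port

    def forward(self, frame: bytes, in_port: int) -> list:
        dst, src = frame[0:6], frame[6:12]        # the only 12 bytes a switch cares about
        self.table[src] = in_port                  # learning
        if dst in self.table and self.table[dst] != in_port:
            return [self.table[dst]]               # known unicast: one port
        return [p for p in self.ports if p != in_port]   # unknown / broadcast: flood


@dataclass
class L3Router:
    """Layer 3: skip the Ethernet header, longest-prefix match on the IPv4 destination."""
    routes: list   # [(IPv4Network, interface_name), ...]

    def forward(self, frame: bytes):
        if frame[12:14] != b"\x08\x00":
            return None                            # not IPv4: this toy router drops it
        ip = frame[14:]
        if ip[8] <= 1:                             # TTL byte; a real router would send ICMP time exceeded
            return None
        dst = IPv4Address(ip[16:20])
        best = None
        for net, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None


def demo():
    sw = L2Switch(ports=(1, 2, 3))
    rt = L3Router(routes=[(IPv4Network("0.0.0.0/0"), "uplink"),
                          (IPv4Network("10.1.0.0/16"), "core"),
                          (IPv4Network("10.1.5.0/24"), "lab")])
    a_to_b = build_frame("00:00:5e:00:53:02", "00:00:5e:00:53:01", "10.1.5.10", "10.1.5.20")
    b_to_a = build_frame("00:00:5e:00:53:01", "00:00:5e:00:53:02", "10.1.5.20", "10.1.5.10")
    to_core = build_frame("00:00:5e:00:53:02", "00:00:5e:00:53:01", "10.1.5.10", "10.1.9.9")
    first = sw.forward(a_to_b, in_port=1)    # dst MAC unknown -> flood to ports 2 and 3
    second = sw.forward(b_to_a, in_port=2)   # 53:01 was learned on port 1 -> [1]
    return first, second, rt.forward(a_to_b), rt.forward(to_core)


if __name__ == "__main__":
    print(demo())
```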
No one makes true hubs anymore. It would very likely be a 10base-something device to boot. Yes, there were (are) 100meg hubs -- there are two sitting in my lab -- but by then switches (aka bridges) were becoming the norm. Today, networking standards don't support such things -- 1G, 10G, 40G, 100G, etc. are all full duplex transports.
Few people get to build and maintain the Perfect Network(tm). Even when building a new network from the ground up, there are often constraints limiting the design. (money being in the top two.) When you're handed a random network, rarely (closer to never) do you have the luxury of rebuilding it. Even the simple operation of cleaning up a decade of spaghettified wiring has its issues.
It wasn't really "sabotage". It was "aggressively secured". He knew others knew how to bypass authentication means and get back into the router/switch -- Cisco's documented password recovery process. So, he didn't store a full (or any at all?) config in NVRAM; reboot it and it'll come back blank. Later he learned about "no service password-recovery", and thought that was good enough to allow saving the config. (that one is much harder to get around.)
I've not read anywhere that there were any backups of any router config. He must have had something, somewhere. That's an awfully big network to keep entirely in one's head.
Or simply seal all bids until the end, or only allow one bid... Then no one knows what anyone else has bid and you don't get into lame "over spending" bidding wars.
The problem with sniping is that people rarely have a hard maximum -- and even rarer that they stick to it. Plus, seeing other people bidding on an item spurs others to bid on it. I've seen items not sell repeatedly (relisted 5+ times, at the same price) yet get plenty of traffic; as soon as one person places a $0.99 bid, the bidding war is on. (nobody is interested until someone else is.)
His idea of "authorized" was a bit screwy at best. I seriously doubt the City would've cared one bit about him once they had control of their network -- after all, any sane organization would change that password as soon as possible. (and audit everything to make sure he doesn't have any backdoors.) Granted, a sane org would never have gotten into this mess to begin with.
That you can't understand this shows you've chosen "sides"...
Yes, but not the side you think. I do not think Childs deserves to go to prison. But the law is the law. Just because you or I don't like it doesn't make them disappear. As I've said repeatedly, this situation should never have existed in the first place, but due to weak and ineffective management, Childs' ego was allowed to run free. (if he goes to jail, then management deserves to go with him. except that he's the only one who's broken any actual laws.)
What you are unable to get through your thick skull is that the passwords are company property; he refused to return this property (and apparently other documents and data), and in so doing, held the network hostage. Your payroll status does not matter when it comes to returning what is not yours to keep. Ownership applies to information as much as it does physical property. A company asset is still a company asset, even if it's copied to your hard drive in your laptop, carried into your home, and printed to your printer using your ink, your paper, and your electricity. When you are no longer employed by that company, you are required to return their assets -- in this case, delete the file from your hard drive (and make no attempts to recover it), and either return or destroy the printout.
Prior to being fired, he was ordered to hand over the password(s). He refused. He was ordered to set up accounts for others to access the systems. Again, he didn't. So they fired him -- "insubordination". He continued refusing to hand over the password(s) -- failing to return any and all company property, effectively holding the network for ransom. Any sane person could see where this was headed. Childs obviously wasn't one of them.
He was trying to extort his job back. He wasn't being malicious. He genuinely thought he was protecting the network, and that he'd get his job back when they came to their senses.
This is not a precedent for locking up sysadmins. It's a cautionary tale to remind everyone to not let this BS happen in the first place.
I've worked in places where the cert was left encrypted. An unencrypted cert can be stolen by anyone who gets into the server. For most people, that's not the end of the world. But if it happens to your bank or paypal, then it's a very different mess.
(Those people should be using SSL hardware where the key is protected. But that stuff isn't cheap, or easy to manage.)
You are completely, 100%, WRONG. Passwords are not simply "knowledge"; they are virtual keys. And since he held the only key, it is not unreasonable for him to provide it. Writing down a password is not work. By that definition, the paperwork one signs in the process of termination is "work"; cleaning out your desk is "work"; pushing an elevator button is "work".
I strongly advise you talk to your lawyer before clinging to such nonsense and ending up in prison alongside Childs.
Get your eyes checked. My UID is right there. ('tho sometimes clicking links in email fails to send the login cookie.)
Heh. Well, 1% of it at least. (reportedly) I didn't notice anything at all. (there were rumblings on NANOG since Thursday/Friday.)
Except some (ex-)employers would just as soon sue you instead. Terry Childs aside, this happens far more than you read about in the news.
Dumb, unmanaged switches don't do spanning-tree.
At any rate, it shouldn't take DAYS to find a single device. Start unplugging cables until the flood stops... follow that cable and repeat.
... or using a tap from the start would have made this a 5 min job.