Windoze admins...
The very first word in your "+5 Informative" diatribe is a derogatory term blanketing all administrators of Windows systems. Anything else you have to say should now be taken as extremely biased, if not plain ignorant. I've been an administrator of Unix systems for over 20 years, and an administrator of Linux and Windows servers since their early days. Being a Windows admin does not mean that one is uninformed or technically inept, any more than being a *nix admin makes one smarter.
- require https over http to devices, yet still have telnet access enabled.
I'm sure I have several devices on my network with telnet enabled. Why should I bother disabling it? I don't use it, so its vulnerability to password sniffing is irrelevant.
And what do any of your gripes have to do with whether or not Unix servers should be rebooted?
Does anyone else think it's rather silly that ICANN is seriously considering new, highly-specific TLDs?
It doesn't surprise me at all. Selling domain names is a huge business. Consider what happened when the .asia TLD was created. My first hit on Google offers .asia registrations for $59 USD. According to this article on, 505,838 applications were received by the end of the "land rush" phase. That works out to about $30M USD in commerce generated by the addition of just one TLD - a revenue stream that will keep on flowing because domain registrations require periodic renewal.
Anytime there is money to be made this easily, there will be people lining up for a piece of the action.
I think I espoused my position clearly enough. I even gave you a car analogy.
And are you seriously referencing an article in The Onion in support of your argument?
You can alter whatever you want, but without the manufacturer's private key, you can't digitally sign the result.
Knowing whether a photo or video has been digitally altered is important for images used as legal evidence. I would not be surprised to see makers of digital cameras and editing software embed a digital signature that can be used to detect alteration. Perhaps with software like Photoshop, it might even record what types of modification were done. There would be little reason to mistrust a photo that was merely rescaled, for example.
Keep in mind that some digital technology already embeds data to prevent counterfeiting.
Now if only someone could make it more palatable to me.
And in a related note, given all the current buzz about The Social Network cleaning up at the Oscars, am I the only one around who thinks that movie completely sucks ass?
Like more than 400,000 other people, I signed the online petition hosted by openmedia.ca. I have now been opted in to receiving e-mails on this topic from the Liberal Party of Canada. In looking back at the online petition, I now see there is no privacy statement or agreement not to share my e-mail address.
Although I have no proof, I strongly suspect that openmedia.ca shared my e-mail address with the Liberal party. Frankly, I feel duped, given that openmedia.ca touts itself as nonpartisan.
What bullshit.
I currently pay $34.95 for ADSL from Teksavvy, plus $10.00 for unlimited bandwidth. (In this context, "bandwidth" refers to the total amount of data that traverses my connection each month). I typically download about 80GB per month. Under the proposed CRTC regulations, I would have been capped at 25GB per month, with over-usage fees of approx. $2.00/GB. In other words, my monthly cost would rise by $100. It has been estimated that the cost to Telus (who owns the telephone line) is around $1.10 for carrying the extra 55GB over my cap. Does paying $100 for what costs Telus $1.10 seem like "the fairest system" to you? Repealing this will certainly not mean I'll "have to pay more".
Furthermore, you imply that paying flat rates must be unfair to either me or my neighbour, because one of us must be "subsidizing" the other. This is an erroneous argument. If both me and my neighbour are content with our rates, and are receiving the services we require, then no unfairness exists. By your logic, I should be upset if my neighbour drives more miles than I do in a year, because we're both being taxed to maintain roads.
Your attitude is so typically right-wing. God forbid that a penny of your money should ever go to providing for someone else, even obliquely.
...what we quaintly referred to in the good old days as 'bookmarks'.
I'm reading with Firefox 3.6.13 and they're still referred to as Bookmarks.
FTA:
They [firewalls] should not be placed in front of servers... In many cases, these devices became immediate bottlenecks in the face of DDoS.
In any computer system, some subsystem always acts as a performance bottleneck. If that bottleneck is removed, then the next slowest subsystem becomes the bottleneck.
In the case of TFA, this guy suggests that a firewall in front of a webserver might well be crushed under the load of a DDoS attack. If the firewall were not there, however, then the webserver itself would get crushed, or the load balancer, or whatever else was next in line to bear the brunt of the attack. When you're talking about attacks up to 100Gbps, something is going to get clobbered.
The only defense is to drop packets like mad if, for example, too many are originating from one source, or are deliberately malformed, or look suspicious for some other reason. You know what's really good at that kind of job? Firewalls.
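The drop policy described in the comment above (too many packets from one source, or deliberately malformed ones), sketched as an added example that is not part of the original comment. The `Packet` record, the rate and burst values, and the sample traffic are all constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts_ms: int          # arrival time in milliseconds
    src: str            # source address
    flags: frozenset    # TCP flags set on the segment


def is_malformed(pkt):
    """Flag combinations no conforming TCP stack sends: null, SYN+FIN, SYN+RST."""
    f = pkt.flags
    return not f or {"SYN", "FIN"} <= f or {"SYN", "RST"} <= f


class PerSourceLimiter:
    """Token bucket per source, kept in integer milli-tokens so the maths is exact."""

    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s      # tokens per second == milli-tokens per ms
        self.cap = burst * 1000     # bucket size in milli-tokens
        self.state = {}             # src -> (milli_tokens, last_ts_ms)

    def allow(self, pkt):
        tokens, last = self.state.get(pkt.src, (self.cap, pkt.ts_ms))
        # Refill for the time elapsed since this source's previous packet.
        tokens = min(self.cap, tokens + (pkt.ts_ms - last) * self.rate)
        ok = tokens >= 1000         # one packet costs one whole token
        self.state[pkt.src] = (tokens - 1000 if ok else tokens, pkt.ts_ms)
        return ok


def filter_traffic(packets, rate_per_s=5, burst=10):
    """Return {src: Counter(pass / drop_rate / drop_malformed)}."""
    limiter = PerSourceLimiter(rate_per_s, burst)
    verdicts = defaultdict(Counter)
    for pkt in sorted(packets, key=lambda p: p.ts_ms):
        if is_malformed(pkt):       # cheap stateless check first
            verdicts[pkt.src]["drop_malformed"] += 1
        elif limiter.allow(pkt):
            verdicts[pkt.src]["pass"] += 1
        else:
            verdicts[pkt.src]["drop_rate"] += 1
    return verdicts


def sample_traffic():
    """Constructed sample: one flooding source, one normal client, one bad segment."""
    syn, ack = frozenset({"SYN"}), frozenset({"ACK"})
    flood = [Packet(t, "203.0.113.9", syn) for t in range(0, 1000, 10)]
    client = [Packet(t, "198.51.100.7", ack) for t in range(0, 1000, 200)]
    bad = [Packet(500, "192.0.2.44", frozenset({"SYN", "FIN"}))]
    return flood + client + bad


if __name__ == "__main__":
    for src, counts in sorted(filter_traffic(sample_traffic()).items()):
        print(src, dict(counts))
```

The per-source table grows with the number of distinct sources seen, so a filter like this has its own capacity limit.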
If the parent to my post wasn't visible, then there's no reason to display my post.
Suppose you made a +5 Funny riposte to a -1 Troll. I'd want to see it.
Hasn't it been addressed already ad hominem...
Do you mean ad infinitum?
The initial samples of the new metallic glass... yielded glass rods approximately one millimeter in diameter. Adding silver to the mix enabled the Cal Tech researchers to expand the thickness of the glass rods to six millimeters.
So it's not as though they're making windows panes out of this stuff, but it's interesting nonetheless. The way they create an amorphous structure is fascinating:
The size of the metallic glass is limited by the need to rapidly cool or “quench” the liquid metals for the final amorphous structure. The rule of thumb is that to make a metallic glass we need to have at least five elements so that when we quench the material, it doesn’t know what crystal structure to form and defaults to amorphous.
It sounds as though innovations in the quenching process might enable larger shapes, or perhaps even sheets, to be produced.
I hope you didn't spend too much time composing that. I got bored by your blathering halfway through and stopped reading, since you evidently didn't even read the thread you chimed in on.
I didn't say that egress filtering has no merit, and yes, there are situations where it's called for. If you have Defense Department contracts or whatever that require a particular firewall policy, then do what's necessary. It doesn't mean that anyone who doesn't follow your policy is "frankly, insane".
Nor is allowing outbound connections "a massive, massive security issue you could drive an oil tanker through". SOHO routers by Linksys, D-Link, SMC, Netgear, etc. allow unrestricted outbound connections by default, and a hell of a lot of people are using them without it causing "massive security issues". That's not to say these people don't have any massive security issues. They're just not caused by their egress filtering policy.
Why do I block skype? Because the only way to have it work properly through most firewalls is to allow ALL outgoing ports.
Skype lists three other firewall configurations that work, including two that only require egress on a single port that's almost always open anyway.
It's a massive, massive security issue you could drive an oil tanker through.
Oh, come on. Sure, egress filtering is a polite thing to do, but it's inbound connections that put you at risk. And chances are, if you do fall victim to some nefarious piece of malware that's making unwanted outbound connections, simple packet filtering will be useless anyway because it will fall back to TCP 80, or TCP 443, or even UDP 53, to tunnel out. Just like Skype does.
You advertise yourself as an "admin of some 12 years" experience, but you're exactly the type of admin I dislike. You take a personal stance against something, and then back up your bias with a mixture of pseudo-facts, deliberate omission, and high-handed horseshit.
Connecting to a wireless router usually means obtaining IP settings via DHCP. In the process, the MAC address of your network adapter (which is supposed to be unique) will be recorded on the router, at least for some period of time. Therefore, if you want to connect without leaving an obvious fingerprint pointing back to your computer, first modify the MAC address that your network card is putting out. On Windows machines, drivers often provide a way to specify your MAC address under the "advanced properties" of the adapter. On my Intel network adapter, for example, the setting is listed as "Locally Administered Address", and is undefined by default.
You might even spoof a specific make of network adapter by choosing an "Organizationally Unique Identifier" from the OUI Public Listing.
The judge ... made this demand WITHOUT any detailed discussion of its value or history. When I specifically asked for that, the judge flatly denied my request.
And why the hell not? The judge is not there to teach the history of law, or engage in any "detailed discussion of its value".
I'm not inclined to fault this woman for what she did, even though she was more surreptitious than I was.
So you also condone it when others break the rules, and seek to further excuse yourself by claiming that others were "more surreptitious". (For what it's worth, your actions sounded more surreptitious to me).
I would rather have an honest but ignorant juror who does as the judge instructs, than an arrogant ass who wants to debate the value of laws, disrespects the judge's instructions, and breaks whatever rules he doesn't like.
Except this is OpenBSD we're talking about, where code audits happen frequently and often.
Your phraseology is redundant and repetitive.
A small addition was made to the autoexec.bat on the client, simply to run curl to access the Perl CGI script, then feed the output to the settz utility, thereby properly setting the time zone of each client every time it booted
Being able to modify the autoexec.bat file, they could have written a solution that required no third-party software. I used to change all manner of systems settings via .bat files, even modifying registry settings by creating .reg files on the fly and calling regedit to load them.
Where's the Bill Gates / Borg icon?
Open printer, add PC-104 computer with ethernet and a linux on it along with a small switch. printer AND PC104 connect to the switch inside AND scab onto the power supply.
Printer + network scanner/document grabber completely hidden.
It's not even necessary to hide any physical equipment inside the printer. HP LaserJets can be hacked to steal documents, run port scans, host rogue FTP or HTTP servers, and more. FX from Phenoelit did some interesting work on this, but his website is now censored due to legal issues. Some of his stuff can now be found here.
Blackberry Enterprise Server and Blackberry Enterprise Server Express have the exact same capability to remotely wipe all data from an employee's Blackberry phone.
So what you're saying is you don't mind living in a society in which the richest few people get the best of everything, because that's what would happen. There's a reason why the front rows at NBA games are filled with celebrities, or why most season tickets sold by sports franchises are purchased by corporations (who claim them for tax write-offs). Common folk like me would be priced out of ever seeing a popular show, just like many common folk are priced out of getting, say, good health care. You may believe that capitalism is fair for everyone, but from my point of view it simply funnels wealth and privilege to a tiny fraction of society. I see no value added to society by scalpers. They benefit only themselves by systematically inflating the price of tickets for everyone else.
Or from here: http://get.adobe.com/reader/enterprise/