Deja vu all over again. As was posted in the last round of 'Cracked' comments. This is not his full time job. This was volunteer work that was being done almost 3 years ago. Anyone that has ever done work like this knows that a lot of things slip through the cracks. When you've just pulled 12 hours in a debugger at your food on the table job, recent backups and user space on a volunteer system are the last thing on your mind. Again, I challenge anyone that claims that this was pure negligence on Noel's part to step to the plate and attempt to do volunteer system admin in their spare time. The lack of budget/hardware/time/people/etc will quickly turn you into MacGyver too. Then you can write a story to be doubted and unappreciated when the duct tape breaks. I also would like to suggest that people take a look back at where they stood 3 years ago in their own knowledge. It even seems to me that security and crackers weren't nearly as strong of a concern as they are now with the advent of high speed access and multiple ISPs in any given prefix. Today, you would hardly think of having a box on the internet without checking for new bugs and patching away every few weeks. In 97, I would maybe check every month, and even then just worry about Bind and Sendmail. You can flame that all you want, but those of you that can say you have done volunteer work on a system, never mind one that has 20,000 users, should all be able to look back and find some things that are just waiting to be exploited. Not because you are lazy or inexperienced or incompetent, but because you work with what you have. Be it time or staff or machines.
Jason www.cyborgworkshop.com ...and the geek shall inherit the earth...
The first I heard about it was a passing mention on my local LUG. It wasn't hyped at all, and the timing is pretty poor. Most of us work at a minimum until 5. And since this isn't really in Kansas City (it's in Overland Park, about a 30 minute drive west of KC, tack on another 30 to 45 during rush hour) it's almost impossible to make it during a weekday and remain employed or not scrap some vacation time. Even my company, which is very motivated to move to linux on just about everything, just couldn't spare us for something that, for all intents, looked to be a small unhyped show. I believe if some advertising had really happened, you would find the geeks coming out in drones. Believe it or not, KC is full of them. Having Sprint's headquarters does help get the geek population up, not to mention Atipa and a few others. Let's shoot for this again next year and just learn from our mistakes.
Anyone else remember when IBM and their starched white shirts represented nothing short of the Nazi party? It's refreshing to see someone so well known for their closed doors and Let them eat cake mentality step into a movement like linux. When IBM first released JFS, I kept looking for the 'gotcha' that never came. It seemed like IBM really did give up something of theirs to the Linux community. Now with their LV stuff being announced, it really does give a linux geek hope.
They are running RS6000's and have an AIX expert on hand, so that is what they used for the 6000's. The alphas run Digital Unix, and again that is what they put back on it. If you take a moment and reread what I said, I never once mentioned the OS that they are running. The OS, relative to this discussion, doesn't matter at all. My point is that this is not something that he designed. He walked into this mess and is now trying to rebuild it. The entire system could have been based on open-net-free-redhat-debian-plan9-linux and it still wouldn't change my point one bit. He didn't create this mess, he just tried to keep it working the best he could. Then it went down, he redesigned the mess, so now it is his job to ensure that he designs a secure network. Had he been given this place as his day job, had he been hired in as the network security guru, then yes this would just be a simple 'know your network' kind of deal and a smack on the wrist would be well deserved. But this is volunteer work, something that he is trying to help out on, a mess he didn't create but is still trying to clean up. I invite you to take on a similar challenge. Having worked on systems like this one, ones that have been put together with duct tape and are holding on by bubble gum, I understand exactly where Noel is coming from. Some jackas$ thought it would be cute to only put 24 hours into a day, and it's awful hard to find the other 10 that you need to get these kind of volunteer jobs done right. What you end up with is something that works and intentions to make it better once you find those extra 10 hours. Mind you, I think it speaks to Noel's character that he and his fellow volunteers took time off of their day jobs to come and do this network up right.
(btw, I don't know Noel from Adam, I just admire and can relate to what he is doing) ...and the geek shall inherit the earth...
Sorry, I was meaning the series. That's what I get for being vague. Next thing you know I'll be working for the patent office and approving that "method of inputting a desired action via twice clicking on a pointing device known as a "mouse" in a computing environment" patent to Amazon.com.
This is perhaps a bad example. A much better one would be the rants that are started on almost every article about how someone submitted this weeks ago, etc. /. has become huge. What other website can perform a DDoS attack just by linking a site? I'm not trying to say that K5 or /. is better than the other, what I am saying is that there is only so much stuff that a limited staff can do. If instead, /. used the huge base of posters and people with good Karma that it has, weeding out the trolls and Karma whores much like moderation does, then perhaps more articles can be posted in a more timely manner.
If you read the series, you will find that the system in question is not his fulltime job. In fact, it's volunteer work that he has tried to assist on. The systems, like so many other non-profits, were smacked together enough just to make them work. I rather applaud the author for having the huevos to post the articles and detail his steps. On one hand, someone that is paid to keep a network secure shouldn't have any excuse, but this was volunteer work man. Read the series.
If the box was being used for the same purpose that a windows box can serve, why run bind anyway? The problem is not the OS, you'll be hard pressed to argue that comparing linux running no services and a windows box running no services, that linux is less secure. Or any un*x for that matter. The key is to know the purpose of your box from the start. Are you building this box just as a gateway? Then you shouldn't need any services running. If you are going to use a linux box as a router, then think of it as a router. If you are going to use it as a firewall, then think of it as a firewall. How many firewalls have you seen, PIX and what not, that have DNS or mail servers running on them? None. The problem is not the OS, the problem is education.
If you want an all-in-wonder box that will do your masq'ing and firewalling and mail hosting and web hosting and DNS and wash the dog, then you need to at least research the services you are going to use and be prepared for the attacks. BTW, a do-all box is just a bad idea IMHO. What's the point of having a secure firewall and then running non-secure public services on it? A little forethought would have saved you a lot of time.
As I'm sure someone else is going to point out, this has been on www.kuro5hin.org for weeks and weeks now. What I'm wondering, is that since /. has grown so fast and now has so many articles submitted that the staff is having a hard time keeping up, is there some way we can have a system implemented that instead of relying on a few full time or part time staffers, community people can accept and post the articles. Similar to the moderation system, but for the actual articles posted. Then /. can go back to getting news in a prompt manner and not be as overloaded as they are now. This is a great series BTW, well worth the reading.
It sounds like you have made the physical site as secure as possible, short of dropping mines on the beach and putting rangers in gun towers. The only potential weak point that I have seen is your lines to the outside world. How do you plan on 1) protecting those lines, be it physical or sat link from attackers. 2) protecting that service. If your lines hub out to an MCI presence in say England (pardon, I'm not totally up on HavenCo's exact physical location.) what would happen if MCI takes some heat and is forced to drop your service? Any backup plans? 3) Protecting the traffic on those lines. While the data on your servers is encrypted, do you leave it up to your clients to encrypt the traffic going back and forth from HavenCo, or do you require something like browser encryption or ssh? And finally a small PR suggestion. Since this service is going to mostly excite geeks, how about tossing a bone our way. Say a public PGP key server at HavenCo or something of that sort?
For the Atlanta screening, the 90-minute movie will be projected after it has been downloaded from Burbank rather than shown simultaneously with its transmission over the Internet. ''Real-time'' projection is effectively prevented by the sheer size of the computer file containing the movie -- 50 gigabytes, which is roughly 20,000 times larger than a typical MP3 music file, Schroeder said.
Around 50 gig in less than 4 hours? Gotta love that.
And now for something completely different.... on Essential Anime · Score: 1
If you are looking for a really good story, I enjoyed Grave of the Fireflies. Now yes, Setsuko's voice is enough to drive any sane man off a cliff, but the story is very powerful. WWII Japan, the story of two children and the effect that the war had on them. Real tear jerker.
At face value, this has no effect on linux, but dig a little deeper. Yes, it mentions that a key is taken out of a registry, but Linux doesn't have a registry, or does it? What is a registry, is it that hellish tree that MS products use, or could it be more? What worries me is that this patent doesn't explicitly state what a registry is. If MS decided to go balls to the wall on this, it could be argued that a registry is any file or system that contains version information on anything other than itself. If that is the case, then what about Mandrake's AutoRPM. It completes the same job using a version file, that if you really wanted to, could be referred to as a registry. I don't think this patent should be taken too lightly. Its main threat is its ambiguity. Imagine that, Microsoft king of security by obscurity, being vague.
Seeing as their budget cuts just seem to keep coming, and they aren't exactly the most efficient when it comes to operating costs, never mind the high cost "oops". I guess pretty pictures are the only thing that keeps NASA afloat right now. "Let's see, we can crash these probes into Mars and hope those airbags that GM sold us inflate. Hell, even if they don't, we'll just snap some pretty pictures of some rocks, stir up public interest about them, cry about Russia not pulling its weight on that whiz-bang new space station, and voilà, back in the green again."
You're comparing Apples to Volvos. The Nomad and Rio aren't in the same class as this device. Most of the cost stems from the hard drive, just like most of the Rio's cost stems from the FlashRAM. I can't help but wonder why a project hasn't been born, to the best of my knowledge, to just create a hardware decoder that interfaces into an ATAPI device. Or even just a plug in hardware decoder to smack into a USB port.
Anyone else remember a time when the phone company said that 9600 was the highest that anyone could ever expect over home copper? And now, here we are pushing home LAN style bandwidth over that same copper. Yes I know, YMMV, I just find it ironic.
While I think it's awesome that IBM is trying to run linux on just about anything they can find (linux on a toaster anyone?), and while it sounds cool that IBM can run 41000 copies of linux on one box (SETI here I come) this still doesn't get around one fundamental problem. On my web servers, CPU usage is never a problem. What always nips me is disk IO. I don't know a whole lot about the big iron, but I can't imagine them being able to skate this problem any better than my Sun webservers do. What I really would like to see IBM working on is that sexy hard drive technology, I want, no NEED a 700 gig HD for $110 for my MP3's. Not to mention that with 41000 copies of linux, INIT better be packing buck shot.
I easily put in 40 at the office during downtime between projects. But once a project gets rolling, it's not uncommon to come in at 8, eat lunch at the desk, and the next time I look at the clock it's 8 again and the night crew has arrived. Not to mention going home and VPNing back into work to keep right on going.
While I dig what the Kerbango Radio does, I mean how many of us have hacked together that old PC in the smallest case we could find just so we could have a box dedicated to playing all 30,000 MP3s that we have managed to collect, rip, borrow and 'acquire'. I just have to wonder, who in the world designed the shell for that thing? It looks like some bad knock off of the Nickelodeon radio alarm clock. What is so wrong with a nice little brushed aluminum case? While I'm sure I will look into this device for its function, can we say bye bye old hacked up PC in the pizza-box, I most definitely won't have it displayed in all its day-glow glory in my living room.
While I sincerely doubt that MS is to blame for the recent attacks, the FUD isn't surprising. With the recent IDG survey showing linux leaping up the NOS ladder and closing the gap on NT, MS is going to be the FUD producing machine that we all know it is.
Just to recap, I was only comparing Mandrake to this Linuxone hoopla because of the "they have not contributed anything of value" remark. As all good slashdotters know, distro wars get you nowhere, so pardon if I excited anyone.
Rather, they tried to be a Better Redhat than Redhat, but failed IMHO. Such problems as very broken Frame Buffers in Mandrake 6.0 and FUBARed pump code in Mandrake 6.1, to name two, have plagued Mandrake. While I know that all linux distros come out with bugs, Mandrake has always seemed rushed to me. Pushed out way too fast and with silly bugs, the frame buffers being a prime example. Again, the real question here is why does LinuxOne continue to suck so bad. I just had to play Devil's Advocate for a minute.
OK, very quickly I will play devil's advocate on this one. While I agree that linux1 is a festering boil, I disagree that they can be ripped simply because "they have product, but since these products are rip offs with no added value whatsoever". The Mandrake Linux distro can be said to be of the same nature and it's been hailed as one of the best products of the year since its inception. Only recently, with the advent of 7.0, has the Linux Mandrake distro provided anything that Redhat doesn't other than a kernel compile and some themes.
My concern would be more of one box doing too much work. Running a lot of web cams is pretty tough in itself, but this box is also being asked to be a firewall and such. I would recommend 2 boxes, but on the camera side I would go with the X10 style cameras that you can pick up at X10.com. They are wireless, and you can put many of them into one source. They are designed for security and such.
Actually.. this is very much a reality. Check out The Stone Soup Cluster. It uses all kinds of machines from 486's to Pentiums all in one cluster.
...and the geek shall inherit the earth...