Re:Sudo is only useful when there are lots of admi
on
Sudo vs. Root
·
· Score: 1
Typical use here is: sudo su -
Now what might be interesting is to see how Solaris's RBAC comes along. I'm still sort of new to it myself, but the little that I've done with it has allowed me to create a role that can manage a few services related to a single project (they are limited to start/stop on a temporary basis and refresh as needed). In my case, I setup that role as having manage and modify rights in SMF. The users don't need to have root or sudo, just a role login which doesn't have a lot of permissions.
In my development environment, sudo is often prefered (pre-RBAC and current as most of the SA's supporting us aren't exceptionally UNIX savy) over giving out the root password as the root password may be common to multiple systems and a user may only need to be in the sudoers file for a particular system.
My other suggestion is to register everybody a Gmail account for personal use
You may also find that some companies block access to external email sites like Gmail, Hotmail, Yahoo, etc... My employer found that most of the infections on the network were related to content from outside email services so their solution was to keep people from accessing them. People could forward messages from home if needed and the messages would still go through the regular virus scans/checks/etc.... While the policy can be pretty annoying at times, people have adjusted to the policy.
As for email limits, I believe ours is set around 43MB on the Exchange server. We do have local files (stored on a network drive) that are not subject to the size rule on the email server, but are addressed by a corporate policy (which I would guess most people likely break). We also have a retention policy of 90 days for messages unless a user moves it to their personal files (.pst).
I work in a larger company where sometimes we team with other companies and other times we are competitors. We even find cases where employees of our company can not share between other employees of the company due to customer requirements (i.e. Don't build a new commercial application using resources from customer funded development).
Google Desktop is a liability to many corporations. It may be a good tool for some companies, but I would definitely review it for a specific company before allowing it to be installed on a companies systems.
Overall, my experience with SunRocket has been quite good. Initially I did have a longer transition period to maintain my existing Verizon phone number, but SunRocket indicated that Verizon historically delayed transfering numbers and they credited me with the delay time.
Your concerns for power outages are justified. When you lose power to your residence, an UPS may help the situation, but if your ISP has a power issue as well, keeping your power on won't help if they lose network power too. We have cell phone service so we feel that the loss of power is a minimal risk (we also live about 2 blocks from the fire/EMS service too).
I did have a coworker though who tried SunRocket as well, and his experience was less than satisfying. In his case, he found some issue with using a FAX machine over the service and he said SunRocket wasn't able to resolve it to his satisfaction. He also said the tech instructed him that he couldn't use a feature on their "Gizmo" (their VoIP router) where an "emergency" line could be maintained incase of power/network failure. Now when I got my service, I was told I could use it and I tested pulling the both the network cable and the power supply from the Gizmo and still had dial tone. I'm guessing my coworker had one of the less experienced techs or something because the responses my coworker got seemed uninformed.
What you may want to do is review the SunRocket website to see if they still have the money back offer if you don't like the service. When I signed up, I remember it being a pro-rated return (only paid the amount for the month you were currently in so at most, I'd lose about $17 if I didn't like it).
Apparently they are running a special that if you renew prior prior to your year running out, they'll give you 13 months for the $199 (which then puts the price around $15.30/month). I'm not sure of the exact details though, my wife took care of this a couple weeks ago.
Vonage evil VoIP provider
I'm not against Vonage or any other VoIP provider myself. The competition can only help us, the consumers. Vonage certainly does a lot of marketing that SunRocket hasn't so they are doing a lot of the promotion to the masses. In fact, I don't remember exactly how I found SunRocket (likely a just a random search for VoIP information back when we were considering to switch).
I haven't encountered the port blocking either (Comcast in MD area) and I'm using SunRocket. Other than when I first obtained their broadband (about 5 years ago), I really haven't had any real problems other than the price. Initially though, the line from the road to the house was giving me problems and they ended up replacing most of the connections to fix the semi-frequent drops (lasted about 2 months while dealing with the techs trying to resolve it).
Not being a VoIP expert, maybe each vendor has implimented things a little differently (ports) and Comcast is just going after some of the bigger vendors.
I guess the issue is should it be "required". Sure, having a laptop would be nice but should everyone be required to get one?
I wonder how "require all students to have notebook computers" applies to part time students and people who take a single class? I've taken two classes that weren't part of a degree program at a local college. Should I be required to have a laptop for them? Should all degree programs be required to have them?
Given the different learning styles, this may not work for every student. My son (12 years old) qualifies for an Alpha Smart but finds that he misses a lot of the class content when he tries to use it. Now it might be that he is still learning to type, but we can't assume that every college student can type with any proficiency as well.
unable to get a Software Developer job for 4 years now
The jobs aren't going to be searching for you so I have to question what are you doing to find the jobs? I realize you are upset at not having found anything, but my experience is that the jobs are available. Personally, I've recently had calls/emails from former co-workers all trying to cash in on hiring referrals (both new and experienced hires). The IT job market seems pretty strong to me.
So the questions for you are:
Given you have 4 years out of school, are you doing anything to keep your skills somewhat fresh?
Are you looking in job markets outside where you currently live? I used to live in Altoona PA and finding a tech job there was damm near impossible so I moved to Maryland.
Are you looking at entry level jobs or are you thinking they are beneath you? From your comment about 1 million lines of code, I gather that you feel you should walk right into a high paying job. That won't always be the case. You may have to work at a company where you get some experience and then look around after a year or two if they don't promote you (assuming that you deserve it from your work).
Are you networking with family, friends, alumni, etc...? I am registered with PSU for their alumni career link service and I've had plenty of family and friends ask me for pointers.
My son and I enjoyed where we each built up a block fort and would place the plastic soldiers on the fort. We would then take one of the extra blocks and slide it across the floor (no throwing) into the forts to see who could knock down all the enemy soldiers first. Of course this wasn't when he was 1, but that could give you something to look forward to.
Just don't let your gaming skills get too rusty. The 1 year old will eventually turn into a competitive game player themselves. My son was pretty good at some games around 7 or 8 years and now that he's 12, he can beat me at some of them (Tony Hawk being one of them). My daughter (9 years old) on the other hand still requires that I hold back on most of the games except some of the Mario Party mini-games.
My brother experienced a similar situation to what this guys is. He worked for a commercial water heater manufacturer who essentially looked at computers the same way the look at a tool on the assembly line. I doubt they would create a department around a machine press so they wouldn't create one around computers.
I agree with you though that this company isn't likely to be the lifelong career provider for this guy. I'd look for a more traditional company where information systems are looked at as a valuable service rather than an expensive tool.
Likely they would configure the software to block that particular device ID then. From a quick read of the product documentation, it looks as though they can lock down to fairly specific hardware (vendor, model, etc...). Most likely the approach should be to allow particular "approved" hardware rather than whole classes of hardware.
The IT staff where I work are about to employ a product similar to SafeBoot Port Control. I say similar because I forget the product name and it hasn't been pushed to my PC yet. Apparently the software we'll be getting will allow certain types of devices to be connected (keyboard and mouse) but will not allow others (thumb drive, mp3 players, cameras, etc...).
Given the size of media (thumb drives in particular), having a policy to prohibit the media is certainly one part of the solution, but if anyone really wants to connect it to a system, policy isn't going to stop them. Either disabling the ports physically or through managed software will have to be used.
That takes me back to my summer job while in college. I worked at an ice company in that primarily provided to beer distributors. The owner and the drivers occasionally bartered ice for beer and we'd sit in the freezer drinking after work. That was the one place where the beer actually seemed colder as you got to the bottom of the container.
We just deployed 14 dual headed workstations from HP that use the VX924 displays. The performance is decent but I miss the 1600x1200 resolution on my old dual head setup. I'll "suffer" through this though for the extra desktop space. We've had these systems for several months now so I'm not sure why this is news now.
It's been a long time since I've used Netscape. I wasn't aware it could use IE to render its html. What are these security features...
Netscape 8 allows you to specify security settings for the website visited in a tab (allow popups, run JavaScript, block cookies, etc...). These tabs also allow you to choose which engine to render the pages under (IE or Firefox). I run both Firefox and Netscape between systems at work and Netscape at home. Both seem to work fine although the Netscape software does tend to lag a little behind on getting the latest Mozilla updates integrated. At the time I wrote this, my Netscape software is still using Mozilla 1.06 while Mozilla 1.07 has been out for about a week (IRC).
Both my parents and my in-laws live a minimum of 4 hours away from us. We're far enough away to avoid the unplanned visits. This works great for most things, but was a real inconvenience when the kids were younger. We could have really used a little help with baby sitting on occasion, especially when the kids were sick and we both had work.
Well back in my day, we didn't have graphics and we liked it.
Zork Trilogy on my old Commodore 64, A nice text based adventure game.
Re:Don't ask Slashdot, ask an SSO/SSR/IAM/ISSO/IAS
on
Building Secure Computers?
·
· Score: 2, Insightful
First off, do you have a secure facility that you will work in? If so, you likely have security staff who have the specific requirements for your site. Make sure to speak with those who handle the AIS systems rather than physical security and personel security. As for asking on/., could you really rely on the information obtained here? Even if it is correct, you have to treat any information based on the source and trusting a post without knowing the source is unreliable. If you find that the DoD person you are in contact with does not have the answer, ask to speak with someone who does.
I'm asking/. the pros and cons of vendors vs. building it yourself. I'm asking/. what unexpected challenges they may have come accross in setting up the machine.
Standardized equipment has become pretty common place for secure deployments. Essentially your customer security representative should provide requirements for securing AIS systems as these differ from customer to customer and project to project. Generally though, this involves disabling some physical devices (external drives and ports), disabling/securing services, detailed logging, etc.... Certainly if you are required to secure hard disk, I'd recommend an enclosure that allows easy access for that, but you may not find that option in standard equipment. This may not be the case in all environments, especially if operated 24/7 but each customer may have their own requirements that you'll have to follow.
I guess the overall message is that you really need to work with your customer rather than any public forum for the general information. My thought on the specific question for vendor vs. custom systems is that approval will likely be easier for a vendor built system but certainly a custom system can be approved for use, you may just have more security work on your hands.
For another write up on this, check Reuters - Sun Micro announces open-source DRM project. The write up has a little more info on the need/impact of DRM but about the same level of details as the submitters link.
Slashdot Mirror
Typical use here is: sudo su -
Now what might be interesting is to see how Solaris's RBAC comes along. I'm still sort of new to it myself, but the little that I've done with it has allowed me to create a role that can manage a few services related to a single project (they are limited to start/stop on a temporary basis and refresh as needed). In my case, I setup that role as having manage and modify rights in SMF. The users don't need to have root or sudo, just a role login which doesn't have a lot of permissions.
In my development environment, sudo is often prefered (pre-RBAC and current as most of the SA's supporting us aren't exceptionally UNIX savy) over giving out the root password as the root password may be common to multiple systems and a user may only need to be in the sudoers file for a particular system.
My other suggestion is to register everybody a Gmail account for personal use
You may also find that some companies block access to external email sites like Gmail, Hotmail, Yahoo, etc... My employer found that most of the infections on the network were related to content from outside email services so their solution was to keep people from accessing them. People could forward messages from home if needed and the messages would still go through the regular virus scans/checks/etc.... While the policy can be pretty annoying at times, people have adjusted to the policy.
As for email limits, I believe ours is set around 43MB on the Exchange server. We do have local files (stored on a network drive) that are not subject to the size rule on the email server, but are addressed by a corporate policy (which I would guess most people likely break). We also have a retention policy of 90 days for messages unless a user moves it to their personal files (.pst).
I work in a larger company where sometimes we team with other companies and other times we are competitors. We even find cases where employees of our company can not share between other employees of the company due to customer requirements (i.e. Don't build a new commercial application using resources from customer funded development).
Google Desktop is a liability to many corporations. It may be a good tool for some companies, but I would definitely review it for a specific company before allowing it to be installed on a companies systems.
Overall, my experience with SunRocket has been quite good. Initially I did have a longer transition period to maintain my existing Verizon phone number, but SunRocket indicated that Verizon historically delayed transfering numbers and they credited me with the delay time.
Your concerns for power outages are justified. When you lose power to your residence, an UPS may help the situation, but if your ISP has a power issue as well, keeping your power on won't help if they lose network power too. We have cell phone service so we feel that the loss of power is a minimal risk (we also live about 2 blocks from the fire/EMS service too).
I did have a coworker though who tried SunRocket as well, and his experience was less than satisfying. In his case, he found some issue with using a FAX machine over the service and he said SunRocket wasn't able to resolve it to his satisfaction. He also said the tech instructed him that he couldn't use a feature on their "Gizmo" (their VoIP router) where an "emergency" line could be maintained incase of power/network failure. Now when I got my service, I was told I could use it and I tested pulling the both the network cable and the power supply from the Gizmo and still had dial tone. I'm guessing my coworker had one of the less experienced techs or something because the responses my coworker got seemed uninformed.
What you may want to do is review the SunRocket website to see if they still have the money back offer if you don't like the service. When I signed up, I remember it being a pro-rated return (only paid the amount for the month you were currently in so at most, I'd lose about $17 if I didn't like it).
Plus dude its only $17 per month
Apparently they are running a special that if you renew prior prior to your year running out, they'll give you 13 months for the $199 (which then puts the price around $15.30/month). I'm not sure of the exact details though, my wife took care of this a couple weeks ago.
Vonage evil VoIP provider
I'm not against Vonage or any other VoIP provider myself. The competition can only help us, the consumers. Vonage certainly does a lot of marketing that SunRocket hasn't so they are doing a lot of the promotion to the masses. In fact, I don't remember exactly how I found SunRocket (likely a just a random search for VoIP information back when we were considering to switch).
I haven't encountered the port blocking either (Comcast in MD area) and I'm using SunRocket. Other than when I first obtained their broadband (about 5 years ago), I really haven't had any real problems other than the price. Initially though, the line from the road to the house was giving me problems and they ended up replacing most of the connections to fix the semi-frequent drops (lasted about 2 months while dealing with the techs trying to resolve it).
Not being a VoIP expert, maybe each vendor has implimented things a little differently (ports) and Comcast is just going after some of the bigger vendors.
I guess the issue is should it be "required". Sure, having a laptop would be nice but should everyone be required to get one?
I wonder how "require all students to have notebook computers" applies to part time students and people who take a single class? I've taken two classes that weren't part of a degree program at a local college. Should I be required to have a laptop for them? Should all degree programs be required to have them?
Given the different learning styles, this may not work for every student. My son (12 years old) qualifies for an Alpha Smart but finds that he misses a lot of the class content when he tries to use it. Now it might be that he is still learning to type, but we can't assume that every college student can type with any proficiency as well.
The jobs aren't going to be searching for you so I have to question what are you doing to find the jobs? I realize you are upset at not having found anything, but my experience is that the jobs are available. Personally, I've recently had calls/emails from former co-workers all trying to cash in on hiring referrals (both new and experienced hires). The IT job market seems pretty strong to me.
So the questions for you are:
My son and I enjoyed where we each built up a block fort and would place the plastic soldiers on the fort. We would then take one of the extra blocks and slide it across the floor (no throwing) into the forts to see who could knock down all the enemy soldiers first. Of course this wasn't when he was 1, but that could give you something to look forward to.
Just don't let your gaming skills get too rusty. The 1 year old will eventually turn into a competitive game player themselves. My son was pretty good at some games around 7 or 8 years and now that he's 12, he can beat me at some of them (Tony Hawk being one of them). My daughter (9 years old) on the other hand still requires that I hold back on most of the games except some of the Mario Party mini-games.
Ah, the good old days of playing blocks.
My brother experienced a similar situation to what this guys is. He worked for a commercial water heater manufacturer who essentially looked at computers the same way the look at a tool on the assembly line. I doubt they would create a department around a machine press so they wouldn't create one around computers.
I agree with you though that this company isn't likely to be the lifelong career provider for this guy. I'd look for a more traditional company where information systems are looked at as a valuable service rather than an expensive tool.
Likely they would configure the software to block that particular device ID then. From a quick read of the product documentation, it looks as though they can lock down to fairly specific hardware (vendor, model, etc...). Most likely the approach should be to allow particular "approved" hardware rather than whole classes of hardware.
The IT staff where I work are about to employ a product similar to SafeBoot Port Control. I say similar because I forget the product name and it hasn't been pushed to my PC yet. Apparently the software we'll be getting will allow certain types of devices to be connected (keyboard and mouse) but will not allow others (thumb drive, mp3 players, cameras, etc...).
Given the size of media (thumb drives in particular), having a policy to prohibit the media is certainly one part of the solution, but if anyone really wants to connect it to a system, policy isn't going to stop them. Either disabling the ports physically or through managed software will have to be used.
While true that the devices are becoming more complex, wouldn't one expect quality control/processes to evolve with the more complex devices?
I have a 3xCPU Sun E450 running without any problems now for about 4 years. Initially I thought the configuration was sort of odd though.
Note: the processors in my E450 are all identical.
Consumer1 - I'm purchasing the XBox360 Live package.
Consumer2 - Well I'm only going to purchase the XBox360 bare version and save a little money to buy a game.
Day or two passes...
Consumer2 - Returns to store to purchase "Live Accessories" (at a price much higher than the bundle) so they can hit http://xboxupdate.microsoft.com./
Microsoft - Wins on either package sold.
Jim
That takes me back to my summer job while in college. I worked at an ice company in that primarily provided to beer distributors. The owner and the drivers occasionally bartered ice for beer and we'd sit in the freezer drinking after work. That was the one place where the beer actually seemed colder as you got to the bottom of the container.
We just deployed 14 dual headed workstations from HP that use the VX924 displays. The performance is decent but I miss the 1600x1200 resolution on my old dual head setup. I'll "suffer" through this though for the extra desktop space. We've had these systems for several months now so I'm not sure why this is news now.
It's been a long time since I've used Netscape. I wasn't aware it could use IE to render its html. What are these security features...
Netscape 8 allows you to specify security settings for the website visited in a tab (allow popups, run JavaScript, block cookies, etc...). These tabs also allow you to choose which engine to render the pages under (IE or Firefox). I run both Firefox and Netscape between systems at work and Netscape at home. Both seem to work fine although the Netscape software does tend to lag a little behind on getting the latest Mozilla updates integrated. At the time I wrote this, my Netscape software is still using Mozilla 1.06 while Mozilla 1.07 has been out for about a week (IRC).
Both my parents and my in-laws live a minimum of 4 hours away from us. We're far enough away to avoid the unplanned visits. This works great for most things, but was a real inconvenience when the kids were younger. We could have really used a little help with baby sitting on occasion, especially when the kids were sick and we both had work.
Which was great until I gained a mother-in-law that blocks Caller ID and doesn't understand *82.
Being married myself, I fail to see how this still isn't great. Now if only I could get my in-laws to go with private dialing I'd be set.
Well back in my day, we didn't have graphics and we liked it. Zork Trilogy on my old Commodore 64, A nice text based adventure game.
First off, do you have a secure facility that you will work in? If so, you likely have security staff who have the specific requirements for your site. Make sure to speak with those who handle the AIS systems rather than physical security and personel security. As for asking on /., could you really rely on the information obtained here? Even if it is correct, you have to treat any information based on the source and trusting a post without knowing the source is unreliable. If you find that the DoD person you are in contact with does not have the answer, ask to speak with someone who does.
/. the pros and cons of vendors vs. building it yourself. I'm asking /. what unexpected challenges they may have come accross in setting up the machine.
I'm asking
Standardized equipment has become pretty common place for secure deployments. Essentially your customer security representative should provide requirements for securing AIS systems as these differ from customer to customer and project to project. Generally though, this involves disabling some physical devices (external drives and ports), disabling/securing services, detailed logging, etc.... Certainly if you are required to secure hard disk, I'd recommend an enclosure that allows easy access for that, but you may not find that option in standard equipment. This may not be the case in all environments, especially if operated 24/7 but each customer may have their own requirements that you'll have to follow.
I guess the overall message is that you really need to work with your customer rather than any public forum for the general information. My thought on the specific question for vendor vs. custom systems is that approval will likely be easier for a vendor built system but certainly a custom system can be approved for use, you may just have more security work on your hands.
For another write up on this, check Reuters - Sun Micro announces open-source DRM project. The write up has a little more info on the need/impact of DRM but about the same level of details as the submitters link.
As an option, a slightly longer read on this is availble at Reuters - Sun Spearheads Open DRM. Both essentially cover main points.